The file /etc/ld.so.preload is not deleted, and I get this message from sudo: "sudo: account validation failure, is your account locked?" The fact that sudo fails has a nasty side effect, as the user cannot log on anymore nor "sudo" anymore.
It seems that sudo is messed up by the library being preloaded (my educated guess).
The problem disappears after I delete /etc/ld.so.preload.
The problem does not come up if the commands are rewritten without "sudo" in the yaml.
There are also a couple of other issues with the commands:
- The test command is overwriting any potentially existing /etc/ld.so.preload (we may fairly assume it didn't exist, but then why are we using sed to clean up instead of a simple rm?)
- In the cleanup command the regex delimiters are confusing, better use a different delimiter: `sudo sed -i 's|#{path_to_shared_library}||' /etc/ld.so.preload`
```yaml
executor:
  command: |
    sudo sh -c 'echo #{path_to_shared_library} > /etc/ld.so.preload'
  cleanup_command: |
    sudo sed -i 's##{path_to_shared_library}##' /etc/ld.so.preload
  name: bash
  elevation_required: true
```
Your Environment
- Amazon Linux 2023.5.20240916 (basically a RedHat)
- I run the test from an elevated prompt (sudo -i), and then launching pwsh (PowerShell on Linux)
- Relevant to T1574.006 (but cannot exclude others)
What did you expect to happen?
The file /etc/ld.so.preload should be deleted.
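Added example, not part of the issue or of the project's code: a cleanup along the lines the report asks for, which removes only the test's entry by fixed-string matching (so there is no sed delimiter to clash with the path) and deletes the file when nothing else is left in it. The function name `preload_remove_entry` is hypothetical, and it assumes one entry per line and an already-elevated shell instead of a `sudo` call.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not the project's cleanup_command).
#
# preload_remove_entry FILE LIB
#   Removes every line of FILE that is exactly LIB, keeps all other entries,
#   and deletes FILE when no entries remain. Assumes one entry per line.
#   Meant to run from a shell that is already root, so no new sudo process
#   has to start while the library is still being preloaded.
preload_remove_entry() {
    local file="$1" lib="$2" tmp

    [ -e "$file" ] || return 0                 # nothing to clean up

    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    # -F fixed string, -x whole line, -v invert: characters such as '/', '#'
    # or '|' in LIB need no escaping. grep exits 1 when it selects no lines,
    # which here only means FILE held nothing but LIB; >1 is a real error.
    grep -vxF -- "$lib" "$file" > "$tmp" || [ "$?" -eq 1 ] || {
        rm -f "$tmp"
        return 1
    }

    if [ -s "$tmp" ]; then
        # mktemp creates the file 0600; restore the original mode so the
        # dynamic loader can still read the remaining entries.
        chmod --reference="$file" "$tmp" 2>/dev/null || chmod 644 "$tmp"
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp" "$file"                   # no entries left: remove file
    fi
}
```
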