The use of LD_PRELOAD can make a program with privileges given by LIDS execute attackers code. This mean that a root intruder can get every capability or fs access you configured LIDS to grant.Moreover, if you granted CAP_SYS_RAWIO or CAP_SYS_MODULE to a program, an attacker could deactivate LIDS and thus, access any file.


Read more at www.xatrix.org if you want to be informed...