LD_PRELOAD

0001-01-01

LD_PRELOAD is an environment variable used by ld.so, the dynamic linker/loader on Linux that loads a list of additional, user-specified ELF shared objects that are loaded before all other shared objects.

This is used legitimately for hot patching or instrumenting code and maliciously by malware to install userland hooks, granting an attacker the primitives required to build a rootkit.

https://man7.org/linux/man-pages/man8/ld.so.8.html