LD_PRELOAD is an environment variable that tells the dynamic linker to load a specified shared library before all others — including the C standard library — giving it first pick of every function call the program makes. It exists for entirely legitimate reasons: testing, debugging, hot-patching without recompilation. It has also been used to intercept malloc, fake system calls, hide files from ls, cheat in games, and build remarkably elegant malware. Security researchers love it; system hardening guides universally recommend disabling it for privileged processes. Every Linux system ships with it enabled by default. The line between “powerful debugging feature” and “please just root my system” has always been thin on Unix, and LD_PRELOAD is where it’s thinnest.
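As an added example (not code from the original page), here is a defender's check for the mechanism described above: it reports which processes were started with LD_PRELOAD set and what the system-wide `/etc/ld.so.preload` file names. The sample environment block, file content and library paths are constructed for illustration.

```python
import os
import re

def preload_entries(value):
    """Split an LD_PRELOAD value; ld.so accepts spaces or colons as separators."""
    return [p for p in re.split(r"[ :]+", value) if p]

def parse_environ(blob):
    """Return LD_PRELOAD entries from a /proc/<pid>/environ blob (NUL-separated)."""
    for item in blob.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            value = item[len(b"LD_PRELOAD="):].decode("utf-8", "replace")
            return preload_entries(value)
    return []

def parse_ld_so_preload(text):
    """Return entries from /etc/ld.so.preload content, dropping # comments."""
    entries = []
    for line in text.splitlines():
        entries += [p for p in re.split(r"[\s:]+", line.split("#", 1)[0]) if p]
    return entries

def scan_proc(proc="/proc"):
    """Map pid -> preloaded libraries for every process we are allowed to read."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                libs = parse_environ(fh.read())
        except OSError:  # process exited, or owned by another user
            continue
        if libs:
            found[int(pid)] = libs
    return found

# Constructed sample inputs (not taken from a real system).
SAMPLE_ENVIRON = b"PATH=/usr/bin\0LD_PRELOAD=/tmp/libhook.so:libtrace.so\0HOME=/root\0"
SAMPLE_FILE = "# constructed example\n/usr/local/lib/libaudit_shim.so\n"

if __name__ == "__main__":
    print("sample environ:", parse_environ(SAMPLE_ENVIRON))
    print("sample ld.so.preload:", parse_ld_so_preload(SAMPLE_FILE))
    if os.path.isdir("/proc"):
        for pid, libs in sorted(scan_proc().items()):
            print(f"pid {pid}: {libs}")
    if os.path.exists("/etc/ld.so.preload"):
        with open("/etc/ld.so.preload") as fh:
            print("/etc/ld.so.preload:", parse_ld_so_preload(fh.read()))
```

`/proc/<pid>/environ` reflects the environment the process was started with, and reading it for other users' processes requires root, so run the scan with sufficient privilege.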
LD_PRELOAD: The Legitimate Backdoor Built Into Every Linux System