Shared libraries make dynamic loading of code easier. In fact, many operating systems provide interfaces to load this kind of binary modules at run time. We exploit these services to introduce extension code in the process image (although we improve some aspects of conventional dynamic loading, as explained in following sections).
The mechanisms used to gain control at program startup can vary from system to system, but they are reasonably uniform and widespread in the UNIX world. In most cases, this is as simple as setting an environment variable (LD_PRELOAD in Linux and Solaris or _RLD_LIST in IRIX, for example) pointing to the module to be loaded, and to declare an `init routine' in this module. At program startup, this module will be loaded within the process image, and the init function will be executed before the program itself. For security reasons, the system loader disables this feature when loading setuid programs.