This work addresses shared library hijacking attacks, which exploit the dynamic linker’s library resolution mechanism to bypass direct tampering with trusted libraries—a vulnerability unmitigated by existing defenses that lack authenticity verification of loaded libraries. The paper reframes this challenge as a loader-resolution-phase authenticity problem and proposes a dynamic-linker-centric verification framework. By integrating path binding, a Build-ID–based position-independent identity model, and cryptographic hashing, the framework enforces verification during library resolution to ensure that only expected and trusted shared objects are loaded. A prototype implementation built atop glibc effectively thwarts hijacking attacks on both general-purpose (e.g., Ubuntu) and embedded (e.g., Buildroot) Linux systems, thereby closing a critical gap in current defense mechanisms.

Shared library hijacking attacks in the Linux ecosystem, including embedded Linux, are a significant concern. It fundamentally exploits the dynamic linker's library-resolution semantics rather than modifying trusted libraries directly. Prior research has extensively analyzed attack vectors exploiting environment variables, embedded search paths, and dynamic loader internals, demonstrating that hijacking is rooted in fundamental loader behavior rather than isolated misconfigurations. Existing defenses either harden or replace the loader, enforce control-flow integrity after libraries are loaded, or apply file-centric integrity mechanisms such as signatures and measurement frameworks. However, these approaches fail to address a critical gap: none verify whether the shared object actually resolved by the loader is the intended and trusted one. In this paper, we argue that shared library hijacking is fundamentally a loader-resolution authenticity problem and present a loader-centric verification framework that enforces authenticity guarantees for the dynamic linker's resolution process. Our design supports both path-bound and location-independent (i.e., Build-ID-based) identity models combined with cryptographic hashing. We implement our approach on GNU libc (glibc) systems and evaluate it on both general-purpose Linux (e.g., Ubuntu) and embedded Linux (e.g., Buildroot) environments under emulation. Our results demonstrate that our proposed mechanism indeed prevents shared library hijacking attacks.