/*                  marshall whittaker / oxagast                     */
/* $ gcc -shared -fPIC  preload_read_log.c -o preload_read_log.so -ldl   */
/* $ sudo LD_PRELOAD=$PWD/preload_read_log.so cat /etc/passwd        */


#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>

typedef int (*orig_open_f_type)(const char *pathname, int flags);

int open(const char *pathname, int flags, ...) {
  if (geteuid() == 0) {
    FILE *logp;
    logp = fopen("/root/root-accessed.txt", "a+");
    fprintf(logp, "%s\n", pathname);
    fclose(logp);
  }
  orig_open_f_type orig_open;
  orig_open = (orig_open_f_type)dlsym(RTLD_NEXT,"open");
  return orig_open(pathname,flags);
}