Sure, but that's not what your article is arguing. You literally have a heading "The Vulnerability". It's not a vulnerability, it's not an attack, it's just one option of what you can do after you're done exploiting your way into a system. Not even sure it's a particularly good option; modifying environment variables will mean that at least the target user is fully compromised. In turn, that will mean in pretty much all cases that the attacker is able to just transfer out any and all private keys. And note LD_PRELOAD is only applied when you start something; restarting a long-running process might in itself raise alarm bells or require re-unlocking keys. Much easier to directly take the keys from running process memory.