Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 16 Oct 2023 10:26:04 -0400
From: Rich Felker <dalias@...c.org>
To: Farid Zakaria <fmzakari@...c.edu>
Cc: musl@...ts.openwall.com
Subject: Re: Getting access to section data during dynlink.c

On Sun, Oct 15, 2023 at 06:06:48PM -0700, Farid Zakaria wrote:
> Hi!
> 
> I'd like to read some section data during dynlink.c
> Does anyone have any good suggestions on the best way to do so?
> I believe most ELF files ask for the load to start from the start of the
> ELF file.
> 
> I see in dynlink.c the kernel sends AT_PHDR as an auxiliary vector --
> Should I try applying a fixed offset from it to get to the start of the
> ehdr ?
> 
> Any advice is appreciated.
> 
> Please include me in the CC for the reply.
> I can't recall if I've subscribed.

Neither the Ehdrs nor sections are "loadable" parts of an executable
ELF file. They may happen to be present in the mapped pages due to
page granularity of mappings, but that doesn't mean they're guaranteed
to be there; the Ehdrs are for the program loader's use, and the
sections are for the use of linker (non-dynamic), debugger, etc.

In musl we use Ehdrs in a couple places: the dynamic linker finds its
own program headers via assuming they're mapped, but this is rather
reasonable since we built it and it's either going to always-succeed
or always-fail and get caught before deployment if that build-time
assumption somehow isn't met. It's not contingent on properties of a
program encountered at runtime. We also use Ehdrs when loading a
program (invoking ldso as a command) or shared library, but in that
case we are the loaded and have access to them via the file being
loaded.

Depending on what you want to do, and whether you just need to be
compatible with your own binaries or arbitrary ones, it may suffice to
do some sort of hack like rounding down from the program header
address to the start of the page and hoping the Ehdrs live there. But
it might make sense to look for other ways to do what you're trying to
do, without needing to access non-runtime data structures.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.