Message-ID: <1432352279.548091.1494876298089.JavaMail.zimbra@computervoice.com>
Date: Mon, 15 May 2017 14:24:58 -0500 (CDT)
From: Paul Sturm <psturm@...putervoice.com>
To: musl <musl@...ts.openwall.com>
Subject: Re: Static PIE with musl and clang
I decided to take a step back and try to make this work first with gcc (7.1) and ld (2.28). Both tools were built statically and musl (1.16+) is also built as a static libc.a.
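Test program is aslr.c:

    #include <stdio.h>

    /* Print the run-time address of main; it varies between runs
       when the PIE is loaded at a randomized base. */
    int main() {
        printf("%p\n", main);
        return 0;
    }

gcc aslr.c -fPIE -pie -static-libgcc -Wl,-static -Wl,--no-dynamic-linker
./a.out
Segmentation fault
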
bash-4.4# readelf -e a.out
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x300
Start of program headers: 64 (bytes into file)
Start of section headers: 31560 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 6
Size of section headers: 64 (bytes)
Number of section headers: 25
Section header string table index: 24
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .hash HASH 0000000000000190 00000190
0000000000000014 0000000000000004 A 2 0 8
[ 2] .dynsym DYNSYM 00000000000001a8 000001a8
0000000000000030 0000000000000018 A 3 1 8
[ 3] .dynstr STRTAB 00000000000001d8 000001d8
0000000000000007 0000000000000000 A 0 0 1
[ 4] .rela.dyn RELA 00000000000001e0 000001e0
00000000000000c0 0000000000000018 A 2 0 8
[ 5] .init PROGBITS 00000000000002a0 000002a0
000000000000000d 0000000000000000 AX 0 0 1
[ 6] .plt PROGBITS 00000000000002b0 000002b0
0000000000000010 0000000000000010 AX 0 0 16
[ 7] .plt.got PROGBITS 00000000000002c0 000002c0
0000000000000018 0000000000000000 AX 0 0 8
[ 8] .text PROGBITS 00000000000002e0 000002e0
0000000000004f44 0000000000000000 AX 0 0 16
[ 9] .fini PROGBITS 0000000000005224 00005224
0000000000000008 0000000000000000 AX 0 0 1
[10] .rodata PROGBITS 0000000000005240 00005240
0000000000000b90 0000000000000000 A 0 0 32
[11] .eh_frame_hdr PROGBITS 0000000000005dd0 00005dd0
0000000000000024 0000000000000000 A 0 0 4
[12] .eh_frame PROGBITS 0000000000005df8 00005df8
000000000000007c 0000000000000000 A 0 0 8
[13] .ctors PROGBITS 0000000000205e88 00005e88
0000000000000010 0000000000000000 WA 0 0 8
[14] .dtors PROGBITS 0000000000205e98 00005e98
0000000000000010 0000000000000000 WA 0 0 8
[15] .data.rel.ro PROGBITS 0000000000205ea8 00005ea8
0000000000000008 0000000000000000 WA 0 0 8
[16] .dynamic DYNAMIC 0000000000205eb0 00005eb0
0000000000000130 0000000000000010 WA 3 0 8
[17] .got PROGBITS 0000000000205fe0 00005fe0
0000000000000020 0000000000000008 WA 0 0 8
[18] .got.plt PROGBITS 0000000000206000 00006000
0000000000000018 0000000000000008 WA 0 0 8
[19] .data PROGBITS 0000000000206018 00006018
00000000000000f8 0000000000000000 WA 0 0 8
[20] .bss NOBITS 0000000000206120 00006110
00000000000006e0 0000000000000000 WA 0 0 32
[21] .comment PROGBITS 0000000000000000 00006110
000000000000003e 0000000000000001 MS 0 0 1
[22] .symtab SYMTAB 0000000000000000 00006150
00000000000010e0 0000000000000018 23 100 8
[23] .strtab STRTAB 0000000000000000 00007230
000000000000085b 0000000000000000 0 0 1
[24] .shstrtab STRTAB 0000000000000000 00007a8b
00000000000000b7 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
l (large), p (processor specific)
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000005e74 0x0000000000005e74 R E 0x200000
LOAD 0x0000000000005e88 0x0000000000205e88 0x0000000000205e88
0x0000000000000288 0x0000000000000978 RW 0x200000
DYNAMIC 0x0000000000005eb0 0x0000000000205eb0 0x0000000000205eb0
0x0000000000000130 0x0000000000000130 RW 0x8
GNU_EH_FRAME 0x0000000000005dd0 0x0000000000005dd0 0x0000000000005dd0
0x0000000000000024 0x0000000000000024 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x10
GNU_RELRO 0x0000000000005e88 0x0000000000205e88 0x0000000000205e88
0x0000000000000178 0x0000000000000178 R 0x1
Section to Segment mapping:
Segment Sections...
00 .hash .dynsym .dynstr .rela.dyn .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
01 .ctors .dtors .data.rel.ro .dynamic .got .got.plt .data .bss
02 .dynamic
03 .eh_frame_hdr
04
05 .ctors .dtors .data.rel.ro .dynamic .got
bash-4.4#
bash-4.4# readelf -d a.out
Dynamic section at offset 0x5eb0 contains 15 entries:
Tag Type Name/Value
0x000000000000000c (INIT) 0x2a0
0x000000000000000d (FINI) 0x5224
0x0000000000000004 (HASH) 0x190
0x0000000000000005 (STRTAB) 0x1d8
0x0000000000000006 (SYMTAB) 0x1a8
0x000000000000000a (STRSZ) 7 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x206000
0x0000000000000007 (RELA) 0x1e0
0x0000000000000008 (RELASZ) 192 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x000000006ffffffb (FLAGS_1) Flags: PIE
0x000000006ffffff9 (RELACOUNT) 8
0x0000000000000000 (NULL) 0x0
From: "Szabolcs Nagy" <nsz@...t70.net>
To: "musl" <musl@...ts.openwall.com>
Sent: Sunday, March 5, 2017 12:21:18 PM
Subject: Re: [musl] Static PIE with musl and clang
* Paul Sturm <psturm@...putervoice.com> [2017-03-04 21:41:24 -0600]:
> clang /usr/lib/rcrt1.o ../aslr.c -o aslr -fPIE -shared -Bsymbolic -Wl,--no-dynamic-linker
> ).
> ./aslr seg faults when I run it.
you did not static link the libc at all
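
The fields the readelf output above turns on (Type DYN, no INTERP program header, FLAGS_1 PIE, no NEEDED entries), read programmatically. This is an added example, not code from the thread or from musl; `classify_elf64` and `build_sample` are hypothetical names, the sample images are constructed, and requiring the DF_1_PIE flag is an assumption that matches the linker output shown in the message.

```python
import struct

# Constants from the ELF gABI (<elf.h>); handles little-endian ELF64 only.
ET_DYN, PT_DYNAMIC, PT_INTERP = 3, 2, 3
DT_NULL, DT_NEEDED, DT_FLAGS_1, DF_1_PIE = 0, 1, 0x6FFFFFFB, 0x08000000

def classify_elf64(image):
    """Return the header facts that separate a static PIE from a dynamic one."""
    if image[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", image, 16)
    (e_phoff,) = struct.unpack_from("<Q", image, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 54)
    interp, dynamic, needed, flags1 = False, None, 0, 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", image, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            interp = True            # kernel would hand control to a loader
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    if dynamic:
        # Walk 16-byte Elf64_Dyn entries until DT_NULL or the segment ends.
        for off in range(dynamic[0], dynamic[0] + dynamic[1] - 15, 16):
            tag, val = struct.unpack_from("<QQ", image, off)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                needed += 1          # a shared library dependency
            elif tag == DT_FLAGS_1:
                flags1 = val
    pie = e_type == ET_DYN and bool(flags1 & DF_1_PIE)
    static_pie = pie and dynamic is not None and not interp and needed == 0
    return {"pie": pie, "interp": interp, "needed": needed, "static_pie": static_pie}

def build_sample(with_interp):
    """Constructed minimal image (ELF header, program headers, .dynamic)."""
    segs = 2 if with_interp else 1
    dyn = struct.pack("<QQQQ", DT_FLAGS_1, DF_1_PIE, DT_NULL, 0)
    if with_interp:
        dyn = struct.pack("<QQ", DT_NEEDED, 1) + dyn
    dyn_off = 64 + 56 * segs
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, 62, 1, 0x300, 64, 0, 0, 64, 56, segs, 64, 0, 0)
    phdrs = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off,
                        len(dyn), len(dyn), 8)
    if with_interp:
        phdrs += struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    return ehdr + phdrs + dyn
```

The check reads header layout only; it does not show whether the startup object linked into the binary applies the `.rela.dyn` relocations at run time.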