Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20180315111705.GV4418@port70.net>
Date: Thu, 15 Mar 2018 12:17:05 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: Bracken Dawson <abdawson@...il.com>, musl@...ts.openwall.com
Subject: Re: Program with constructor function segfaults frequently
 with musl

* Szabolcs Nagy <nsz@...t70.net> [2018-03-15 12:01:44 +0100]:
> * Bracken Dawson <abdawson@...il.com> [2018-03-15 10:38:31 +0000]:
> > I have been having trouble getting a cgo program to run with musl, it has
> > been segfaulting frequently and with 'No stack' when run under gdb.
> > 
> > I have managed to reproduce such a failure in pure c with a very small
> > example:
> > 
> > ```
> > #include <stdio.h>
> > #include <stdlib.h>
> > #include <getopt.h>
> > 
> > __attribute__((constructor)) void enter_namespace(int argc, char *argv[]) {
> 
> the arguments passed to ctors are not part of the elf abi
> http://www.sco.com/developers/gabi/latest/ch5.dynamic.html#init_fini

ah this does not explain the type signature, the right link is
http://www.sco.com/developers/gabi/latest/ch4.sheader.html#init_array

> (and it cannot really work for dynamically loaded libraries anyway:
> the application can arbitrarily clobber argv by that time)
> 
> glibc passes these arguments as an extension (the semantics
> for dlopened libraries is unclear), which happens to work
> since the calling convention of functions with no arguments
> allows this on all supported targets.
> 
> (note that there are security hardenning solutions that check
> the call site function signature against the callee and abort on
> mismatch and such extension would not work with that)
> 
> is this cgo that tries to capture argv in a ctor or some other
> c library? (in either case you should first try to solve it
> portably without depending on the glibc extension)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.