Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 8 May 2022 21:38:14 +0200
From: Szabolcs Nagy <nsz@...t70.net>
To: Pablo Galindo Salgado <pablogsal@...il.com>
Cc: Rich Felker <dalias@...c.org>, Markus Wichmann <nullplan@....net>,
	musl@...ts.openwall.com
Subject: Re: Why the entries in the dynamic section are not always
 relocated?

* Pablo Galindo Salgado <pablogsal@...il.com> [2022-05-08 15:23:29 +0100]:
> Thanks for all the answers to this! Here are some clarifications
> and context.
> 
> > It appears to me that whatever you are trying to do is not possible
> > portibly on Linux at this time. Could you fill us in?
> 
> As part of writing profiling and debugging tools, I am trying to rewrite
> the PLT
> table to hook into some symbols of shared libraries. This technique is
> quite common
> and is already used in a considerable number of debuggers, profilers and
> elf inspection
> tools. Currently, the way this is handled is "not at all" or "checking
> against the base
> address and heuristically assuming that is an offset if the address is less
> than the base",
> which is suboptimal. This use case may sound "advanced" or "hacky" but this
> is quite a
> common technique for doing profilers, debuggers, state inspection tools and
> other related
> tooling.
> 
> Notice that the lack of anything predictable here makes these tools be more
> unreliable
> across libc implementations (most people assume it "works" based on what
> glibc does
> but even old glibcs seem to be inconsistent with this).

note: in glibc the internal macro DL_RO_DYN_SECTION controls if the
dynamic section is relocated or not. on mips and riscv it is set so
there the dynamic section is not relocated.

i guess gdb decides based on the target how to find the debug info.

but clearly relocating the dynamic section is not compatible with
having it exposed as part of the public abi (the libc does not know
about future dynamic tags, unknown tags are ignored, not relocated).

if user code needs to access the dynamic section at runtime then
it can hard code glibc specific knowledge (decide based on glibc
version and target) or use another, supported libc interface. (e.g.
glibc supports plt hooks via LD_AUDIT).

thanks for the example links, those were interesting.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.