> On 1/12/25 14:44, Christoph Erhardt wrote:
>> On Sunday 12 January 2025 21:25:17 Central European Standard Time Zbigniew
>> Jędrzejewski-Szmek wrote:
>>> My concern is that this defeats most methods of observability. It's
>>> essentially the same as the double-fork problem we used to have with
>>> system services. The stub will fork out and exec a new binary, which
>>> means you lose track of the binary and can't reliably trace it.
>> Why do you think it would fork? There should be just one process
>> that executes the loader code and then something else.
> Right - without having seen any code, my expectation would be for the helper
> to poke around a bit in the filesystem and then do an `exec()` of the actual
> binary.
Don't even use execve(), which is a very expensive system call.
The helper can just mmap() ld.so, pre-pend argv[] arguments such as
--preload, --library-path, and/or --argv0 according to the helper's
diagnosis, and jump to ElfXX_Ehdr.e_entry of ld.so. ld.so already
must self-relocate (that's one of the jobs of a PT_INTERP!),
so merely mmap()ing ld.so according to its PT_LOADs is enough.
The only execve() is the one that invoked the helper itself.
If desired, then the helper can prctl(PR_SET_NAME). It can also
look at ElfXX_Auxv.{AT_EXECFN} and compare with argv[0]
and/or readlink("/proc/self/exe") to help disambiguate symlinking.
The helper should be ET_EXEC -static: no shared libraries,
and no PT_INTERP. For those who are paranoid about losing ASLR:
rebuild the helper every few hours using a small[-ish] set of
base addresses. Or, make the helper ET_DYN -PIE -static
(again: no shared libraries, no PT_INTERP) and [re-]pre-link it
every few hours.
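An added example, not code from this thread or from any Fedora project: a bounds-checked ELF64 header reader in C that extracts what the helper described above would need from ld.so (ElfXX_Ehdr.e_entry and the PT_LOAD segments to mmap) and checks the property the message asks of the helper itself (ET_EXEC or ET_DYN with no PT_INTERP). The sample image it parses is constructed inside the block, the function names are mine, and it does not walk PT_DYNAMIC for DT_NEEDED, so "no shared libraries" is only partly verified.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
/* Facts the helper needs from ld.so (entry point, PT_LOADs to mmap) and the
   property the e-mail wants the helper itself to have (no PT_INTERP). */
struct elf_summary { uint16_t e_type; uint64_t e_entry; int n_load; int has_interp; };

/* Parse an in-memory ELF64 image; every header is bounds-checked against len.
   Returns 0 on success, -1 if the image is truncated or not ELF64. */
int summarize_elf64(const unsigned char *img, size_t len, struct elf_summary *out)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh || memcmp(img, ELFMAG, SELFMAG) || img[EI_CLASS] != ELFCLASS64) return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len
        || (len - eh.e_phoff) / sizeof(Elf64_Phdr) < eh.e_phnum) return -1;
    memset(out, 0, sizeof *out); out->e_type = eh.e_type; out->e_entry = eh.e_entry;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);   /* program header i */
        if (ph.p_type == PT_LOAD) out->n_load++;                     /* segment to mmap() */
        else if (ph.p_type == PT_INTERP) out->has_interp = 1;        /* needs a loader */
    }
    return 0;
}

/* The e-mail's rule for the helper: ET_EXEC or ET_DYN, but no PT_INTERP at all. */
int helper_is_standalone(const struct elf_summary *s)
{
    return !s->has_interp && s->n_load > 0 && (s->e_type == ET_EXEC || s->e_type == ET_DYN);
}

/* Constructed ET_DYN sample image: two PT_LOADs plus an optional PT_INTERP.
   Returns bytes written, or 0 if buf is too small. Hypothetical, for the demo only. */
size_t build_sample_image(unsigned char *buf, size_t cap, int with_interp)
{
    Elf64_Ehdr eh = {0}; Elf64_Phdr ph[3] = {{0}};
    uint16_t phnum = with_interp ? 3 : 2; size_t need = sizeof eh + phnum * sizeof ph[0];
    if (cap < need) return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB; eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_DYN; eh.e_machine = EM_X86_64; eh.e_entry = 0x1040;   /* PIE-shaped */
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph[0]; eh.e_phnum = phnum;
    ph[0].p_type = PT_LOAD; ph[0].p_flags = PF_R | PF_X; ph[0].p_memsz = 0x2000;
    ph[1].p_type = PT_LOAD; ph[1].p_flags = PF_R | PF_W; ph[1].p_vaddr = 0x3000;
    ph[2].p_type = PT_INTERP;   /* written only when with_interp is set */
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, ph, phnum * sizeof ph[0]);
    return need;
}
```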
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx