Re: loading of shared objects and executables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Roman,
I'm only not sure if the kernel know all the sorts of ELF sections and segments ld.so can handle. Probably you'll need to modify kernel code to walk over DYNAMIC segment (which keeps the list 
of dependencies) to verify the shared objects an application depends on.
It looks as though I have to reconsider my initial approach - even though I could read that segment (not an easy task though), there is no way the kernel alone could find all dependencies based on that section (there could be .so files, which have dependencies on other .so files and so on), so I have to change ld.so in order to be able to do what the kernel does and verify the files to be loaded. That would be in addition to the kernel doing the verification of the initial executable. 


Yes, but a statically linked executable can also call dlopen(), mmap() (As it was noted later).
Yep, and given what I wrote in the previous paragraph above, it looks as though ld.so also needs to be capable of doing the verification.
On a slightly brighter node, (dynamically) adding new sections to ELF turned out to be an easy task, even if the executable/.so file is already compiled/built - all I have to do is execute "objcopy --add-section <section_name>=<section_file> <infile>" and then "objcopy --set-section-flags <section_name>=<flags> <infile>" to set the appropriate flags to <section_name> ("readonly" in my case). As soon as this is done, the section is added (with its content set from the content of <section_file>) and the appropriate reallocation of the ELF binary is "automatically" done by objcopy.
My initial intent was to create a new section in the ELF header, but I could not find an easy way to do that either during compile time or when the executable/.so file is already built, so placing my "custom" section in the ELF section header by using objcopy seems a good choice and I don't have to recompile everything.
Next, I'll look for ways in which the binary/.so loading could be bypassed (to prevent verification) so that when I change the kernel and the ld.so code later on, to prevent that from happening and enforce verification in all cases, when desired.
[Index of Archives]     [Linux C Programming]     [Linux Kernel]     [eCos]     [Fedora Development]     [Fedora Announce]     [Autoconf]     [The DWARVES Debugging Tools]     [Yosemite Campsites]     [Yosemite News]     [Linux GCC]

  Powered by Linux