fix: Resolve environ symbol in PIE executables and glibc's dynamic linker (#108)

Skip LOCAL-binding symbols during symbol lookup, as they are
file-scoped and should never match external lookups like `environ`.
Recognize glibc's dynamic linker (`ld-linux-*.so`) as a C runtime
module so its `environ` symbol is found when no copy relocation
exists (PIE executables, Rust programs, etc.).

Add integration tests verifying that `penv` and `pargs -e` reflect
runtime `setenv` changes read from the live `environ` symbol.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: basil

examples/penv_setenv.rs

@@ -0,0 +1,65 @@
+//
+//   Copyright (c) 2026 Basil Crow
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+//! Test helper that modifies its environment at runtime via `set_var`.
+//!
+//! Used by integration tests to verify that `penv` and `pargs -e` reflect
+//! runtime environment changes (read from the `environ` symbol) rather than
+//! the static `/proc/pid/environ` snapshot.
+
+use std::env;
+use std::fs::File;
+use std::thread;
+use std::time::Duration;
+
+fn allow_ptrace_for_tests() {
+    // On Linux with Yama ptrace_scope=1 (the Ubuntu default), only a
+    // process's descendants may ptrace it.  Since the test harness spawns
+    // this process and the ptool as siblings, we opt in to tracing by any
+    // process so the tests work without elevated privileges.
+    unsafe {
+        nix::libc::prctl(
+            nix::libc::PR_SET_PTRACER,
+            nix::libc::PR_SET_PTRACER_ANY,
+            0,
+            0,
+            0,
+        );
+    }
+}
+
+fn main() {
+    allow_ptrace_for_tests();
+
+    // Add a new environment variable at runtime.  This will only be visible
+    // via the `environ` symbol (process_vm_readv), not via /proc/pid/environ.
+    env::set_var("PTOOLS_TEST_SETENV_VAR", "runtime_value");
+
+    // Also overwrite an existing variable to verify updates are reflected.
+    env::set_var("PTOOLS_TEST_OVERWRITE_VAR", "after");
+
+    let signal_path =
+        env::var("PTOOLS_TEST_READY_FILE").expect("PTOOLS_TEST_READY_FILE must be set");
+
+    // Signal parent process (the test process) that this process is ready to be observed by the
+    // ptool being tested.
+    File::create(signal_path).unwrap();
+
+    // Wait for the parent to finish running the ptool and then kill us.
+    loop {
+        thread::sleep(Duration::from_millis(100));
+    }
+}

src/dw/dwfl/module.rs

@@ -165,6 +165,12 @@ impl ModuleRef {
                 if sym_name.is_null() {
                     continue;
                 }
+                // Skip LOCAL-binding symbols.  LOCAL symbols are
+                // file-scoped and not visible outside their object
+                // file, so they should never match external lookups.
+                if (sym.st_info >> 4) == 0 {
+                    continue;
+                }
                 if let Some(t) = sym_type {
                     if (sym.st_info & 0xf) != t {
                         continue;

src/source/dw.rs

@@ -111,26 +111,31 @@ pub(super) fn find_environ_symbol(
         }
         Ok(())
     })?;
-    // Prefer the non-libc copy (typically the main executable).  On
-    // dynamically linked executables the linker emits a copy relocation
-    // for `environ`, placing the live storage in the executable's BSS.
-    // The libc address may remain at its initial (zero) value because
-    // all runtime updates go through the copy-relocated slot.
+    // Prefer the non-libc copy (typically the main executable).  Non-PIE
+    // executables that reference `extern char **environ` get a copy
+    // relocation, placing the live storage in the executable's BSS; in
+    // that case the libc copy is stale because all runtime updates go
+    // through the copy-relocated slot.  When no copy relocation exists
+    // (PIE executables, Rust programs, etc.) only the libc symbol is
+    // found and used directly.
     Ok(other_addr.or(libc_addr))
 }
 
-/// Returns `true` if the module name looks like it belongs to libc.
+/// Returns `true` if the module name looks like it belongs to the C runtime.
 ///
-/// Matches glibc (`libc.so.6`, `libc-2.31.so`) and musl (`ld-musl-x86_64.so.1`,
-/// which is musl's combined dynamic-linker/libc).
+/// Matches glibc's libc (`libc.so.6`, `libc-2.31.so`), glibc's dynamic
+/// linker (`ld-linux-x86-64.so.2`, `ld-linux-aarch64.so.1`), and musl
+/// (`ld-musl-x86_64.so.1`, which is musl's combined dynamic-linker/libc).
 fn is_libc_module(module: &ModuleRef) -> bool {
     module.name().is_some_and(|name| {
         let bytes = name.to_bytes();
         let filename = match bytes.iter().rposition(|&b| b == b'/') {
             Some(pos) => &bytes[pos + 1..],
             None => bytes,
         };
-        filename.starts_with(b"libc") || filename.starts_with(b"ld-musl")
+        filename.starts_with(b"libc")
+            || filename.starts_with(b"ld-linux")
+            || filename.starts_with(b"ld-musl")
     })
 }
 

tests/pargs_penv_test.rs

@@ -282,6 +282,64 @@ fn pargs_x_alias_matches_pauxv_output() {
     );
 }
 
+#[test]
+fn penv_reflects_runtime_setenv() {
+    let output = common::run_ptool(
+        "penv",
+        &[],
+        "examples/penv_setenv",
+        &[],
+        &[("PTOOLS_TEST_OVERWRITE_VAR", "before")],
+        false,
+    );
+    let stdout = common::assert_success_and_get_stdout_allow_warnings(output);
+
+    // PTOOLS_TEST_SETENV_VAR was added at runtime via setenv() and should
+    // only be visible when reading the environ symbol (not /proc/pid/environ).
+    assert!(
+        stdout.contains("PTOOLS_TEST_SETENV_VAR=runtime_value"),
+        "Runtime setenv variable not found in penv output:\n\n{stdout}\n\n"
+    );
+
+    // PTOOLS_TEST_OVERWRITE_VAR was passed as "before" at spawn time and then
+    // overwritten to "after" via setenv().
+    assert!(
+        stdout.contains("PTOOLS_TEST_OVERWRITE_VAR=after"),
+        "Overwritten env variable should show new value in penv output:\n\n{stdout}\n\n"
+    );
+    assert!(
+        !stdout.contains("PTOOLS_TEST_OVERWRITE_VAR=before"),
+        "Overwritten env variable should not show old value in penv output:\n\n{stdout}\n\n"
+    );
+}
+
+#[test]
+fn pargs_e_reflects_runtime_setenv() {
+    let output = common::run_ptool(
+        "pargs",
+        &["-e"],
+        "examples/penv_setenv",
+        &[],
+        &[("PTOOLS_TEST_OVERWRITE_VAR", "before")],
+        false,
+    );
+    let stdout = common::assert_success_and_get_stdout_allow_warnings(output);
+
+    assert!(
+        stdout.contains("PTOOLS_TEST_SETENV_VAR=runtime_value"),
+        "Runtime setenv variable not found in pargs -e output:\n\n{stdout}\n\n"
+    );
+
+    assert!(
+        stdout.contains("PTOOLS_TEST_OVERWRITE_VAR=after"),
+        "Overwritten env variable should show new value in pargs -e output:\n\n{stdout}\n\n"
+    );
+    assert!(
+        !stdout.contains("PTOOLS_TEST_OVERWRITE_VAR=before"),
+        "Overwritten env variable should not show old value in pargs -e output:\n\n{stdout}\n\n"
+    );
+}
+
 #[test]
 fn pargs_x_prints_auxv_entries() {
     let output = common::run_ptool("pargs", &["-x"], "examples/pargs_penv", &[], &[], false);