Check PIE binary for linux in Object.kind() #756
Conversation
| let val = v.val32(self.endian()); | ||
| if let Some(tag) = tag { | ||
| if let Some(val) = val { | ||
| if tag == DT_FLAGS_1 && val & DF_1_PIE == DF_1_PIE { |
There was a problem hiding this comment.
LLVM only started setting this flag in 2020: https://reviews.llvm.org/D80872
Any ET_DYN file with non-zero e_entry and/or a PT_INTERP can be run as executable. And it is possible to make a file that is both a valid executable and a valid shared library. For example the dynamic linker on Linux generally is both.
There was a problem hiding this comment.
So maybe we should replace ObjectKind with methods like is_executable and is_dynamic?
There was a problem hiding this comment.
fiy this is how file detects PIE executable
https://stackoverflow.com/questions/34519521/why-does-gcc-create-a-shared-object-instead-of-an-executable-binary-according-to/55704865#55704865
I originally wanted to check the permissions but it's hard to implement it here (i need to know the path)
| } else { | ||
| ObjectKind::Dynamic | ||
| } | ||
| } |
There was a problem hiding this comment.
Can you explain more about how you intend to use this, or even better give a link to the code where you use this. Do you actually need PIE, or would returning Executable suffice?
The question mark on the TODO was because I wasn't sure this is something we actually want. We also need to be careful because existing users may not want this change, so we'll need to review those.
There was a problem hiding this comment.
Ok. Actually I need this for addr2line crate of yours
https://github.com/AFLplusplus/LibAFL/blob/main/libafl_qemu/src/modules/utils/addr2line.rs#L111
this is the example.
to look up an address from the Loader struct in addr2line. I need to check for if the binary is PIE executable or not.
- if it is PIE executable, i need to use the relative address
(for example, if your binary is loaded at 0x555555556000 and you want to look for 0x555555556123, then I need to use 0x123 to lookup from the loader) - on the other hand, if it is not a PIE executable, I can just directly use the addres where it was loaded.
To detect this difference is necessary for me to use addr2line
There was a problem hiding this comment.
So case 1 is ET_DYN+DF_1_PIE, and case 2 is ET_EXEC. How do you need to handle ET_DYN without DF_1_PIE?
| use crate::elf; | ||
| use crate::elf::{DF_1_PIE, DT_FLAGS_1}; |
There was a problem hiding this comment.
Please don't import these. Use elf::DF_1_PIE etc.
| use alloc::vec::Vec; | ||
| use core::convert::TryInto; | ||
| use core::fmt::Debug; | ||
| use core::mem; |
No description provided.