modifying ld.so to pre-process elf file, concurrency problem / SIGSEGV

Bill Ross rossbcan@gmail.com
Wed Nov 25 16:54:00 GMT 2015 

Hi;

I am modifying ld.so to load a custom library to pre-process elf files based
on header flags, to perform elf segment hash verification


Exact Question: What is the proper way to invoke _dl_open() from within
ld.so such that internal ld.so structs are maintained / mutexed properly?

Eglibc 2.19, file rtld.c, x86_64

Line # 1546


      /* If we have any auditing modules, announce that we already
                have two objects loaded.  */
      if (__builtin_expect (GLRO(dl_naudit) > 0, 0))
                {
                  struct link_map *ls[2] = { main_map, &GL(dl_rtld_map) };

                  for (unsigned int outer = 0; outer < 2; ++outer)
                    {
                      struct audit_ifaces *afct = GLRO(dl_audit);
                      for (unsigned int cnt = 0; cnt < GLRO(dl_naudit);
++cnt)
                                {
                                  if (afct->objopen != NULL)
                                    {
                                      ls[outer]->l_audit[cnt].bindflags
                                                = afct->objopen (ls[outer],
LM_ID_BASE,
                                                                            
    &ls[outer]->l_audit[cnt].cookie);

                                      ls[outer]->l_audit_any_plt
                                                |=
ls[outer]->l_audit[cnt].bindflags != 0;
                                    }

                                  afct = afct->next;
                                }
                    }
                }
    }
Added:    if ( ((ehdr->e_flags & VT_PROTECTED) == VT_PROTECTED) ||
((ehdr->e_flags & VT_HASHED) == VT_HASHED) ){
       struct link_map *protect_map = _dl_open("libprotect.so", (RTLD_LAZY |
__RTLD_DLOPEN | __RTLD_SECURE),
       dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv), __environ);
   }




Approx line 2112:

  /* Save the information about the original global scope list since
     we need it in the memory handling later.  */
  GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist;

  /* Remember the last search directory added at startup, now that
     malloc will no longer be the one from dl-minimal.c.  */
  SIGSEGV here: GLRO(dl_init_all_dirs) = GL(dl_all_dirs);

A SIGSEGV occurs in the last line. Appears to be some sort of concurrency /
re-entrant problem with _dl_load if the header flags are present (load
library), else OK

The best a web search yielded is this, which I am unable to determine if is
applicable:
https://sourceware.org/ml/libc-help/2010-10/msg00024.html

And, the modified rtld.c file is available here:
www.rossco.org/Files/rtld.c

If anyone is interested in a joint debugging / screen sharing session,
contact me: rossbcan at gmail dot com

Thanks;
Bill Ross

More information about the Libc-help mailing list