Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Program header editing features #533

Open
matheusmoreira opened this issue Nov 20, 2023 · 5 comments
Open

Program header editing features #533

matheusmoreira opened this issue Nov 20, 2023 · 5 comments

Comments

@matheusmoreira
Copy link

matheusmoreira commented Nov 20, 2023

I've been working on a feature for my software which lets me embed arbitrary files in ELF executables in such a way that they get loaded by the operating system automatically. A block of arbitrary data is concatenated to the ELF, a PT_LOAD segment is created for it and it becomes reachable via the auxiliary vector.

Getting the existing linkers to create these sections has been difficult. It is easier to patch the section in after the fact with tools such as patchelf.

Would you be interested in supporting the ELF file embedding use case directly? It could work like this:

patchelf --add-loadable-file-segment /my/file /my/elf

That would append /my/file to /my/elf and add a PT_LOAD segment covering it.

It would also be extremely useful to have options to add PT_NULL segments for further processing with custom tools:

patchelf --append-null-phdr /my/elf
patchelf --append-null-phdrs 2 /my/elf

Linker support for this is emerging. I recently suggested similar features to linkers and achieved mixed success. The mold maintainer responded by implementing a --spare-program-headers=N feature which will be included in the next release. ld maintainers do not seem to be interested.

Links:

@MaskRay
Copy link

MaskRay commented Nov 29, 2023

ld maintainers do not seem to be interested.

Also lld/ELF.

A post-link tool implementing the feature is definitely the right direction. In a lot of cases, the user using a post-link tool has limited control to the link process, so a linker option isn't too useful.

@matheusmoreira
Copy link
Author

@MaskRay I'd be happy to help add this feature to patchelf. Are you familiar with the codebase?

@philzook58
Copy link

I'd like to voice my support for features enabling extra program headers. We've been working on the ability to add post-hoc targeted security micropatches (on possibly opaque binary blobs) and not found a good solution for getting extra code into the binary after linking. This feature and ones like it could help a lot. A common technique I've seen is to clobber a PT_NOTE section or modify an existing PT_LOAD segment header to get a bit more space. See for example https://ofrak.com/docs/reference/ofrak/core/elf/load_alignment_modifier.html https://github.com/angr/patcherex/blob/a6c6a70c463a86415e2a571bbaef898336233bc9/patcherex/backends/detourbackends/_elf.py#L104 These techniques also are seen in the virus community (see for example here https://tmpout.sh/3/03.html) Having an off the shelf solution would be a big help. It'd also be nice if linker can support this (legitimate) use case proactively. If there is interest in patchelf accepting functionality like this, I would be interested in working on it

@philzook58
Copy link

#544 I'll note that this pull request seems like it is one step towards segment header editing capabilities

@matheusmoreira
Copy link
Author

@philzook58 Absolutely. Moving the PHT to the end of the file is one way to implement this. I tried to do it myself but wasn't completely successful, hopefully a developer more familiar with the patchelf code will succeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants