flat assembler
Message board for the users of flat assembler.

Index > Linux > GNU_RELRO and ELF interpreter

Author
Thread Post new topic Reply to topic
MaoKo



Joined: 07 May 2019
Posts: 100
Location: Paris/French
MaoKo 21 Oct 2020, 03:16
Hello. I'm trying to understand GNU_RELRO.
It's seem that GNU_RELRO is relevant only when it's offset is the same of an another segment (I'm not sure about this).
Code:
LOAD           0x0000000000002e28 0x0000000000003e28 0x0000000000003e28 0x0000000000000200 0x0000000000000208  RW  0x1000
 . . . 
GNU_RELRO      0x0000000000002e28 0x0000000000003e28 0x0000000000003e28 0x00000000000001d8 0x00000000000001d8  R      0x1
    

And in common ELF, this target segment is paired with section like ".got, .got.plt".
My goal is to change dynamically a writable segment into a read-only segment at runtime (without explicit call to mprotect).
But in this code:
Code:
format ELF executable $03
entry _start

segment executable readable
_start:
  mov byte [_], $00
  mov eax, $01
  xor ebx, ebx
  int $80

segment gnurelro
segment writable readable
_: db ?
    

the mapping for the second LOAD segment is always rw-. The write permission is still present.
So I guess the "relro trigger" is with the dynamic loader. But when I add:
Code:
segment interpreter
db "/usr/lib32/ld-2.32.so", $00 ; on my system
    

no matter if I have included the gnurelro or not, it's always segfault.
The strace:
Code:
execve("./a", ["./a"], 0x7ffed7a53df0 /* 38 vars */) = 0
[ Process PID=30501 runs in 32 bit mode. ]
brk(NULL)                               = 0x94b2000
arch_prctl(0x3001 /* ARCH_??? */, 0xffc74d58) = -1 EINVAL (Invalid argument)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x4} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)
    

I would be very grateful if someone can explain me what happened Smile.
Have a nice day.
Post 21 Oct 2020, 03:16
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20300
Location: In your JS exploiting you and your system
revolution 22 Oct 2020, 04:25
Your interpreter has nothing to interpret.

Try adding some dependencies from libc or something.
Post 22 Oct 2020, 04:25
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.