[Gammaray-interest] LD_PRELOAD and secure-execution
Christian Gagneraud
chgans at gmail.com
Fri Mar 1 03:14:45 CET 2019
Hi there,
We ran into a tricky problem at run-time (embedded Linux).
The app I want to introspect has Linux capabilities bits set. This
puts ld.so in a `secure-execution` mode.
For the preload to work, we need to meet these 3 conditions (from man page):
    In secure-execution mode, preload pathnames containing slashes
    are ignored. Furthermore, shared objects are preloaded only
    from the standard search directories and only if they have
    set-user-ID mode bit enabled (which is not typical).
So we need Gammaray to use LD_PRELOAD=gammaray_probe.so and chmod u+s it.
This breaks the "multi ABI" installation, which in our case we don't
need as we only have a single Qt installed on our embedded devices.
We currently monkey patch PreloadInjector::launch() to strip the path
off, and we "ln -s /usr/lib/gammaray/2.10/qt5_6-arm/gammaray_probe.so
/usr/lib".
I first wanted to report the issue and the solution, as we spent quite
some time to understand the problem and find the solution.
But it would be nice to have a proper fix, so what about making the
preload probe honor the `--injector-override` command line parameter?
In our case we would run gammaray with "--injector-override
gammaray_probe.so" and keep the link hack. This at least would allow
us to not patch gammaray.
Chris
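
The conditions quoted from the man page above, written out as a diagnostic check. This is an added example, not part of the original post and not GammaRay code; the directory list and all function names are assumptions made for illustration.

```python
import os
import re
import stat

# Assumption: typical trusted directories; the real list is fixed when glibc is built.
STANDARD_DIRS = ("/lib", "/usr/lib", "/lib64", "/usr/lib64")


def may_trigger_secure_execution(binary):
    """True if the file has set-user-ID/set-group-ID bits or file capabilities."""
    mode = os.stat(binary).st_mode
    if mode & (stat.S_ISUID | stat.S_ISGID):
        return True
    try:
        # File capabilities are stored in this extended attribute (Linux only).
        return len(os.getxattr(binary, "security.capability")) > 0
    except OSError:  # attribute absent, or xattrs unsupported on this filesystem
        return False


def check_preload_entry(entry, search_dirs=STANDARD_DIRS):
    """Return (honoured, detail) for one LD_PRELOAD entry in secure-execution mode."""
    if "/" in entry:
        return False, "contains a slash, so it is ignored"
    detail = "not found in the standard search directories"
    for directory in search_dirs:
        candidate = os.path.join(directory, entry)
        try:
            # os.stat follows symlinks, so a link is judged by its target's mode.
            mode = os.stat(candidate).st_mode
        except OSError:
            continue
        if stat.S_ISREG(mode) and mode & stat.S_ISUID:
            return True, candidate
        detail = candidate + " lacks the set-user-ID bit"
    return False, detail


def check_preload(value, search_dirs=STANDARD_DIRS):
    """Split an LD_PRELOAD value (spaces or colons) and check every entry."""
    entries = [e for e in re.split(r"[ :]+", value) if e]
    return [(e,) + check_preload_entry(e, search_dirs) for e in entries]


if __name__ == "__main__":
    for name, ok, detail in check_preload(os.environ.get("LD_PRELOAD", "")):
        print("%-30s %-8s %s" % (name, "loaded" if ok else "ignored", detail))
```

Run it on the target with the same LD_PRELOAD value the injector would set; `may_trigger_secure_execution()` takes the path of the application binary and only indicates that the mode can apply, since it also depends on who runs the binary.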