[Gammaray-interest] LD_PRELOAD and secure-execution

Volker Krause volker.krause at kdab.com
Wed Mar 6 09:23:02 CET 2019 

Hi,

On Friday, 1 March 2019 03:14:45 CET Christian Gagneraud wrote:
> We ran into a tricky problem at run-time (embedded Linux).
> The app i want to introspect has Linux capabilities  bits set. This
> put ld.so in a `secure-execution` mode.
> For the preload to work, we need to meet these 3 conditions (from man page):
> In secure-execution mode, preload pathnames containing slashes are ignored.
>  Furthermore, shared objects are preloaded only from the standard search
> directories and only if they have set-user-ID mode bit enabled (which is
> not typical).

interesting, not a scenario I had encountered before, nice you managed to make 
it work nevertheless :)

> So we need Gammaray to use LD_PRELOAD=gammaray_probe.so and chmod u+s it.
> This break the "multi ABI" installation, which in our case we don't
> need as we only have a single Qt installed on our embedded devices.
> 
> We currently monkey patch PreloadInjector::launch() to strip the path
> off, and we "ln -s /usr/lib/gammaray/2.10/qt5_6-arm/gammaray_probe.so
> /usr/lib".
> 
> I first wanted to report the issue and the solution, as we spent quite
> some time to understand the problem and find the solution.
> 
> But it would be nice to have a proper fix, so what about making the
> preload probe honors the `--injector-override` command line parameter?
> In our case we would run gammaray with "--injector-override
> gammaray_probe.so" and keep the link hack. This at least would allow
> us to not patch gammaray.

That sounds like a minimal-invasive solution for this scenario indeed, and 
should not interfere with anything else.

Btw, in case you hit further limits with LD_PRELOAD (like we do on Android for 
example), there's also the option to just link against gammaray_probe.so. Not 
really elegant of course as GammaRay will then be always active, but it's more 
robust than any other injection approach.

Regards,
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4664 bytes
Desc: not available
URL: <http://mail.kdab.com/pipermail/gammaray-interest/attachments/20190306/52ddba39/attachment.p7s>

More information about the Gammaray-interest mailing list