[Gammaray-interest] LD_PRELOAD and secure-execution
Christian Gagneraud
chgans at gmail.com
Wed Mar 6 17:38:50 CET 2019
On Wed, 6 Mar 2019 at 09:23, Volker Krause <volker.krause at kdab.com> wrote:
>
> Hi,
>
> On Friday, 1 March 2019 03:14:45 CET Christian Gagneraud wrote:
> > We ran into a tricky problem at run-time (embedded Linux).
> > The app I want to introspect has Linux capabilities bits set. This
> > puts ld.so in a `secure-execution` mode.
> > For the preload to work, we need to meet these 3 conditions (from the man page):
> > In secure-execution mode, preload pathnames containing slashes are ignored.
> > Furthermore, shared objects are preloaded only from the standard search
> > directories and only if they have set-user-ID mode bit enabled (which is
> > not typical).
>
> interesting, not a scenario I had encountered before, nice you managed to make
> it work nevertheless :)
>
> > So we need Gammaray to use LD_PRELOAD=gammaray_probe.so and chmod u+s it.
> > This breaks the "multi ABI" installation, which in our case we don't
> > need as we only have a single Qt installed on our embedded devices.
> >
> > We currently monkey patch PreloadInjector::launch() to strip the path
> > off, and we "ln -s /usr/lib/gammaray/2.10/qt5_6-arm/gammaray_probe.so
> > /usr/lib".
> >
> > I first wanted to report the issue and the solution, as we spent quite
> > some time to understand the problem and find the solution.
> >
> > But it would be nice to have a proper fix, so what about making the
> > preload probe honor the `--injector-override` command line parameter?
> > In our case we would run gammaray with "--injector-override
> > gammaray_probe.so" and keep the link hack. This at least would allow
> > us to not patch gammaray.
>
> That sounds like a minimal-invasive solution for this scenario indeed, and
> should not interfere with anything else.
So I take that as a "Go ahead, submit a fix".
Do you think it might be worth documenting this scenario, and the
workaround that goes with it?
If yes, where should the documentation go, maybe the wiki?
>
> Btw, in case you hit further limits with LD_PRELOAD (like we do on Android for
> example), there's also the option to just link against gammaray_probe.so. Not
> really elegant of course as GammaRay will then be always active, but it's more
> robust than any other injection approach.
Yes, that's an interesting feature, but in our case, we would like to
use the injection at runtime, as the default behaviour.
The whole idea was to fully integrate gammaray with our embedded Linux
system; we currently have a startup script (SysV init) that allows us to
start our app "normally", under gdbserver, under squish (UI test), and
now under gammaray. This will hopefully encourage developers to use
gammaray on the target.
So we'll stick to dynamic injection.
Having said that, I never tried the static probe; I think I should
give it a go and see if I can spot a difference.
If I can see a definite advantage, I might add this option to our build system.
Thanks,
Chris
>
> Regards,
> Volker
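The three ld.so conditions quoted at the top of the thread, turned into a small diagnostic that reports why a given LD_PRELOAD value would be dropped for a program running in secure-execution mode. This is an added example, not GammaRay code; it assumes /lib and /usr/lib are the standard search directories (override with SECURE_SEARCH_DIRS) and treats getcap as optional.

```shell
#!/bin/sh
# Added example, not from the GammaRay project: explains whether an
# LD_PRELOAD value would be honoured by ld.so for a program that runs in
# secure-execution mode (set-user-ID, set-group-ID or file capabilities).
# Assumption: standard search directories are /lib and /usr/lib.
SECURE_SEARCH_DIRS="${SECURE_SEARCH_DIRS:-/lib /usr/lib}"

# Returns 0 if the target binary would run in secure-execution mode.
# getcap (libcap) is used when installed; otherwise only the
# set-user-ID / set-group-ID bits are considered.
is_secure_exec_target() {
    if [ -u "$1" ] || [ -g "$1" ]; then return 0; fi
    if command -v getcap >/dev/null 2>&1 && [ -n "$(getcap "$1" 2>/dev/null)" ]; then
        return 0
    fi
    return 1
}

# Returns 0 when the LD_PRELOAD value would be accepted in secure-execution
# mode; otherwise prints the reason and returns 1 (slash), 2 (not in a
# standard directory) or 3 (set-user-ID bit missing).
check_secure_preload() {
    name=$1
    # Condition 1: preload pathnames containing slashes are ignored.
    case "$name" in
        */*) echo "rejected: '$name' contains a slash"; return 1 ;;
    esac
    # Condition 2: the object must be found in a standard search directory.
    # A symlink there (the "ln -s ... /usr/lib" workaround) is fine, since
    # the tests below follow it to the real file.
    for dir in $SECURE_SEARCH_DIRS; do
        if [ -e "$dir/$name" ]; then
            # Condition 3: the object itself needs the set-user-ID bit.
            if [ -u "$dir/$name" ]; then
                echo "accepted: $dir/$name"; return 0
            fi
            echo "rejected: $dir/$name lacks the set-user-ID bit"; return 3
        fi
    done
    echo "rejected: $name not found in: $SECURE_SEARCH_DIRS"; return 2
}
```

Run `is_secure_exec_target /path/to/app` first; if it returns 0, pass the probe's basename to `check_secure_preload` to see which of the three conditions is still unmet.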