[Gammaray-interest] LD_PRELOAD and secure-execution

Volker Krause volker.krause at kdab.com
Thu Mar 7 08:59:58 CET 2019


On Wednesday, 6 March 2019 17:38:50 CET Christian Gagneraud wrote:
> On Wed, 6 Mar 2019 at 09:23, Volker Krause <volker.krause at kdab.com> wrote:
> > On Friday, 1 March 2019 03:14:45 CET Christian Gagneraud wrote:
> > > We ran into a tricky problem at run-time (embedded Linux).
> > > The app I want to introspect has Linux capabilities bits set. This
> > > puts ld.so in a `secure-execution` mode.
> > > For the preload to work, we need to meet these 3 conditions (from man
> > > page): In secure-execution mode, preload pathnames containing slashes
> > > are ignored. Furthermore, shared objects are preloaded only from the
> > > standard search directories and only if they have set-user-ID mode bit
> > > enabled (which is not typical).
> > 
> > interesting, not a scenario I had encountered before, nice you managed to
> > make it work nevertheless :)
> > 
> > > So we need Gammaray to use LD_PRELOAD=gammaray_probe.so and chmod u+s
> > > it.
> > > This breaks the "multi ABI" installation, which in our case we don't
> > > need as we only have a single Qt installed on our embedded devices.
> > > 
> > > We currently monkey patch PreloadInjector::launch() to strip the path
> > > off, and we "ln -s /usr/lib/gammaray/2.10/qt5_6-arm/gammaray_probe.so
> > > /usr/lib".
> > > 
> > > I first wanted to report the issue and the solution, as we spent quite
> > > some time to understand the problem and find the solution.
> > > 
> > > But it would be nice to have a proper fix, so what about making the
> > > preload probe honor the `--injector-override` command line parameter?
> > > In our case we would run gammaray with "--injector-override
> > > gammaray_probe.so" and keep the link hack. This at least would allow
> > > us to not patch gammaray.
> > 
> > That sounds like a minimally invasive solution for this scenario indeed, and
> > should not interfere with anything else.
> 
> So I take that as a "Go ahead, submit a fix".

yes, please :)

> Do you think it might be worth documenting this scenario, and the
> workaround that goes with it?
> If yes, where should the documentation go, maybe the wiki?

Definitely! The wiki is one option, the user manual (see qdoc files in
docs/manual) might be another, although I'm not finding an obvious place there
either. Probably in the launch cli section
(https://docs.kdab.com/gammaray-manual/latest/gammaray-command-line.html), or
maybe in the "Advanced Usage" section
(https://docs.kdab.com/gammaray-manual/latest/gammaray-advanced-usage.html)
that is kinda the collection of miscellaneous niche topics.

Anyway, as long as it's written down somewhere the most important part is 
done, moving the information around later if we find a better place is easy.

> > Btw, in case you hit further limits with LD_PRELOAD (like we do on Android
> > for example), there's also the option to just link against
> > gammaray_probe.so. Not really elegant of course as GammaRay will then be
> > always active, but it's more robust than any other injection approach.
> 
> Yes, that's an interesting feature, but in our case, we would like to
> use the injection at runtime, as the default behaviour.
> The whole idea was to fully integrate gammaray with our embedded linux
> system, we currently have a startup script (SysV init), that allows to
> start our app "normally", under gdbserver, under squish (UI test), and
> now under gammaray. This will hopefully encourage developers to use
> gammaray on the target.
> 
> So we'll stick to dynamic injection.
> Having said that, I never tried the static probe, I think I should
> give it a go and see if I can spot a difference.
> If I can see a definite advantage, I might add this option to our build
> system.

Yep, sounds like you want dynamic injection in that case indeed. Especially 
when also having Squish in the picture, those two use similar hooks in Qt, and 
might unintentionally interfere with each other.

Regards,
Volker
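
The three man-page conditions quoted in this thread, written as a small checker that reports which LD_PRELOAD entries secure-execution mode would honor (an added example, not part of the original thread or of GammaRay). The directory list, the sample modes and all function names are assumptions made for illustration.

```python
import os
import re
import stat

# Assumption: typical standard search directories; the real list depends on
# the architecture and distribution (lib64, multiarch paths, ...).
STANDARD_DIRS = ("/lib", "/usr/lib")

# Constructed sample: path -> st_mode, standing in for a target's filesystem.
SAMPLE_MODES = {
    "/usr/lib/gammaray_probe.so": 0o104755,  # regular file with u+s
    "/usr/lib/libplain.so": 0o100755,        # regular file, no u+s
}

def fs_mode(path):
    """st_mode of path, or None if missing. os.stat follows symlinks, so a
    link placed in /usr/lib is judged by the mode of the file it points to."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def check_entry(entry, dirs=STANDARD_DIRS, mode_of=fs_mode):
    """Return (honored, reason) for one LD_PRELOAD entry."""
    if "/" in entry:
        return False, "contains a slash"
    without_suid = None
    for d in dirs:
        mode = mode_of(os.path.join(d, entry))
        if mode is None or not stat.S_ISREG(mode):
            continue
        if mode & stat.S_ISUID:
            return True, "set-user-ID object in " + d
        without_suid = without_suid or d
    if without_suid:
        return False, "found in " + without_suid + " without set-user-ID bit"
    return False, "not in a standard search directory"

def audit_preload(value, dirs=STANDARD_DIRS, mode_of=fs_mode):
    """Check every entry of an LD_PRELOAD value (space or colon separated)."""
    entries = [e for e in re.split(r"[ :]+", value) if e]
    return {e: check_entry(e, dirs, mode_of) for e in entries}

if __name__ == "__main__":
    for name, (ok, why) in audit_preload(os.environ.get("LD_PRELOAD", "")).items():
        print(("honored" if ok else "ignored"), name, "-", why)
```

Run on the target with LD_PRELOAD set as the launcher would set it; passing `mode_of=SAMPLE_MODES.get` evaluates the constructed sample instead of the real filesystem.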