columbia / egalito

Self-hosting binary instrumentation framework for security research
GNU General Public License v3.0

egalito docker image #31

Open basavesh opened 4 years ago

basavesh commented 4 years ago

Requesting you to create and provide a docker image for experimenting with Egalito.

dwks commented 4 years ago

It may be a while before I have time for this, but there is a VM image you can use here: https://osf.io/kduzg/

eschulte commented 3 years ago

The following should work per the Egalito README:

FROM ubuntu:20.04

SHELL ["/bin/bash", "-c"]

# Install apt packages
# ARG applies to every later RUN in the build; an export in its own RUN is lost with that layer.
ARG DEBIAN_FRONTEND=noninteractive
RUN ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
RUN apt-get -y update && \
    apt-get -y install autoconf build-essential cmake curl \
    git libtool libboost-dev software-properties-common \
    make g++ libreadline-dev gdb lsb-release unzip \
    libc6-dbg libstdc++6-7-dbg

RUN git clone --branch=ubuntu20.04 https://github.com/columbia/egalito.git /egalito
WORKDIR /egalito
RUN sed -i 's|git@github.com:|https://github.com/|' .gitmodules
RUN git submodule update --init --recursive
RUN make

This gets further than the master branch, but I hit the following error (on the ubuntu20.04 branch). It looks like my_pthread should be defined in rtld but it isn't being exported (maybe because the Makefile in rtld isn't sed-ing pthread to my_pthread).

#12 260.8 transform/data.cpp:33:37: error: invalid application of 'sizeof' to incomplete type 'DataLoader::allocateTLS(address_t, size_t, size_t*)::my_pthread'
#12 260.8    33 |     size += sizeof(struct my_pthread);
#12 260.8       |                                     ^

eschulte commented 3 years ago

With libstdc++6-10-dbg installed, the problem is now that the Makefile that writes pthread.h is dumping the following line into the top of the file

(No debugging symbols found in /usr/lib/x86_64-linux-gnu/libc-2.31.so)

probably because on Ubuntu20 the debug version of libc appears to live in

/usr/lib/debug/lib/x86_64-linux-gnu/libc-2.31.so

eschulte commented 3 years ago

Okay, the following appears to successfully build an Egalito Docker image. The two sed commands would be better as patches to Egalito; see the inline comments, which explain their purpose.

FROM ubuntu:20.04

SHELL ["/bin/bash", "-c"]

# Install apt packages
# ARG applies to every later RUN in the build; an export in its own RUN is lost with that layer.
ARG DEBIAN_FRONTEND=noninteractive
RUN ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
RUN apt-get -y update && \
    apt-get -y install autoconf build-essential cmake curl \
    git libtool libboost-dev software-properties-common \
    make g++ libreadline-dev gdb lsb-release unzip \
    libc6-dbg libstdc++6-10-dbg

# Clone and build
RUN git clone --branch=ubuntu20.04 https://github.com/columbia/egalito.git /egalito
WORKDIR /egalito
# Switch to https submodules to clone w/o authentication.
RUN sed -i 's|git@github.com:|https://github.com/|' .gitmodules
RUN git submodule update --init --recursive
# Force the path to the debug libC which lives in a separate location on Ubuntu 20.04.
RUN sed -i 's|^LIBC = .*$|LIBC = /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.31.so|' dep/rtld/Makefile
RUN make
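
Added example (not part of the thread or of Egalito): a shell helper that looks up the separate debug file for a library instead of hard-coding it, trying the debug root plus the path as given and then the same path with the leading /usr removed or added, which covers the two libc-2.31.so paths quoted above. The names find_debug_file and DEBUG_ROOT are made up for this sketch, and the demo tree at the end is constructed, not a real libc6-dbg install.

```shell
#!/bin/sh
# Resolve the separate debug-info file for a shared library by path.
# find_debug_file and DEBUG_ROOT are hypothetical names used only here.

# Usage: find_debug_file /abs/path/to/lib.so [debug-root]
# Prints the first existing candidate; returns 1 if none, 2 on bad input.
find_debug_file() {
    lib=$1
    root=${2:-${DEBUG_ROOT:-/usr/lib/debug}}
    root=${root%/}

    case $lib in
        /*) ;;
        *) echo "find_debug_file: need an absolute path: $lib" >&2; return 2 ;;
    esac

    # The thread shows the library reported under /usr/lib/... while the
    # debug copy sits under <debug-root>/lib/..., so also try the path with
    # the leading /usr removed (or added, for the opposite layout).
    case $lib in
        /usr/*) alt=${lib#/usr} ;;
        *)      alt=/usr$lib ;;
    esac

    for cand in "$root$lib" "$root$alt"; do
        if [ -f "$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done

    echo "find_debug_file: no debug file for $lib under $root" >&2
    return 1
}

# Demo on a constructed tree that mimics the layout reported above.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/lib/x86_64-linux-gnu"
: > "$demo_root/lib/x86_64-linux-gnu/libc-2.31.so"
find_debug_file /usr/lib/x86_64-linux-gnu/libc-2.31.so "$demo_root"
rm -rf "$demo_root"
```

In the Dockerfile above, the printed path could replace the hard-coded value in the sed that rewrites LIBC in dep/rtld/Makefile, and the non-zero exit makes the build stop early when libc6-dbg is missing.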

eschulte commented 3 years ago

(Sorry to spam this issue, this will be my last update here.)

Running the suggested test of cd src && ./loader ex/hello && cd - results in the following (so it looks like more updates are needed to find the debug libc on Ubuntu):

root@1b6dc4e36bbc:/egalito/src# ./loader ex/hello
...
here is one library: [module-libstdc++.so.6], role = LIBCPP
here is one library: [module-libgcc_s.so.1], role = NORMAL
here is one library: [module-libm.so.6], role = NORMAL
entry point at 0x40000038
creating ElfMap for file [/proc/self/exe]
building relocation list
No vtables known. libstdc++6-dbg not installed?
Skipping vtable migration for this library
Committing all updates to redirect loader vtables to libegalito
Segmentation fault

redthing1 commented 1 year ago

I have the same issue with it segfaulting at the end.

redthing1 commented 1 year ago

here is one library: [module-(executable)], role = MAIN
here is one library: [module-(egalito)], role = EGALITO
here is one library: [module-libc.so.6], role = LIBC
here is one library: [module-libdistorm3.so], role = NORMAL
here is one library: [module-libpthread.so.0], role = NORMAL
here is one library: [module-libstdc++.so.6], role = LIBCPP
here is one library: [module-libgcc_s.so.1], role = NORMAL
here is one library: [module-libm.so.6], role = NORMAL
entry point at 0x40000038
creating ElfMap for file [/proc/self/exe]
building relocation list
No vtables known. libstdc++6-dbg not installed?
Skipping vtable migration for this library
Committing all updates to redirect loader vtables to libegalito

According to the log, it is indeed finding the libcpp; it just says no vtables known, meaning that libstdcxxVTableList in void DataStructMigrator::migrate(ConductorSetup *setup) is empty. Unsure why that is the case.