serge1 / ELFIO

ELFIO - ELF (Executable and Linkable Format) reader and producer implemented as a header only C++ library
http://serge1.github.io/ELFIO
MIT License

ELFIO maybe misses auxiliary vectors #104

Closed XutaxKamay closed 2 years ago

XutaxKamay commented 2 years ago

Hello :)

This is more a "draft" or question than an issue, since I'm willing to make a pull request for it if you want / prefer me to, but I was wondering if you wanted to implement it yourself instead of me making a pull request, since it should be straightforward to do:

https://code.woboq.org/userspace/glibc/elf/elf.h.html#1131

Auxiliary vectors are actually required for initializing stack canaries nowadays (AT_RANDOM), but also a lot more; they could also be used to fill in information when loading the ELF file into memory, for example the entry point of the program (AT_ENTRY).

But I didn't know if it was appropriate to include it, since I can tell that ELFIO's first intent is (only) parsing and generating ELF files, not exactly mapping them and executing them (I may be wrong). However, it could maybe be useful for those that get parsed at run-time in the future?

Let me know what you think.

serge1 commented 2 years ago

Hi, if I understand the purpose of auxiliary vectors correctly, they are used at run time only and are not part of the ELF format. In case my interpretation is correct, I don't think that auxiliary vectors support should be added to the parsing library. I would associate them with the library's possible usage facilities.

XutaxKamay commented 2 years ago

To quote lwn article (https://lwn.net/Articles/631631/): The first collection of information forms the ELF auxiliary vector, a collection of (id, value) pairs that describe useful information about the program being run and the environment it is running in, communicated from the kernel to user space.

So most people (including code) say it is inside the ELF specification, but this is something I'm unsure about now that I look around; maybe people just called it "Elf_auxv" because it was highly linked to the ELF file format? I don't know, but the fact that it is conventional to use it in every operating system makes me feel that, yes, it is an ELF specification.

It is indeed not necessary for parsing the file, and it was used only to pass (optional) information to the ELF program at runtime.

But now it is needed to also load the binary, because it seems that everyone who is using ELF has at some point in their OS used these "ELF" auxiliary vectors to pass information such as AT_RANDOM to initialize the stack cookie for protecting the stack in case of buffer overflows. glibc does that, for example: it basically takes the pointer to a 64/32-bit integer at the AT_RANDOM index from the auxiliary vectors and reads it directly, assigning the stack cookie value without even checking if the pointer is valid or not, which results in a crash.

So yes, it is not needed for parsing the file/binary on disk, but it could be very useful for parsing ELF binaries at run-time (which is maybe not supported), which contain a lot more information.
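As an added example (not ELFIO code and not from either participant), here is a small C++ parser for the (id, value) pair layout the LWN quote describes: it walks an `Elf64_auxv_t`-style blob until `AT_NULL`, refuses to read past a truncated buffer, and only reports an `AT_RANDOM` address when the tag is actually present and non-null, which is the check the comment above says glibc skips. The tag values match glibc's `elf.h`; the sample blob and addresses are constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <vector>

// Auxiliary vector tag ids as defined in glibc's elf.h (only the ones used here).
enum AuxTag : uint64_t { AT_NULL = 0, AT_PHDR = 3, AT_ENTRY = 9, AT_RANDOM = 25 };

// One (id, value) pair; layout matches Elf64_auxv_t (a_type, a_un.a_val).
struct Auxv64 { uint64_t a_type; uint64_t a_val; };

// Parse a raw auxv blob (as the kernel places it above envp, or as read from
// /proc/<pid>/auxv). Stops at AT_NULL or when no full 16-byte entry remains,
// so a truncated or unterminated blob is never read past its end.
std::map<uint64_t, uint64_t> parse_auxv(const std::vector<uint8_t>& blob) {
    std::map<uint64_t, uint64_t> out;
    for (size_t off = 0; off + sizeof(Auxv64) <= blob.size(); off += sizeof(Auxv64)) {
        Auxv64 e;
        std::memcpy(&e, blob.data() + off, sizeof e);  // avoid unaligned access
        if (e.a_type == AT_NULL) break;
        out[e.a_type] = e.a_val;
    }
    return out;
}

// Validate AT_RANDOM before anyone dereferences it: the tag must be present
// and non-zero. Returns false rather than handing back a bogus pointer.
bool find_random_bytes(const std::map<uint64_t, uint64_t>& auxv, uint64_t& addr) {
    auto it = auxv.find(AT_RANDOM);
    if (it == auxv.end() || it->second == 0) return false;
    addr = it->second;
    return true;
}

// Append one entry to a blob in host byte order (used to build the sample).
void push_entry(std::vector<uint8_t>& blob, uint64_t type, uint64_t val) {
    Auxv64 e{type, val};
    const uint8_t* p = reinterpret_cast<const uint8_t*>(&e);
    blob.insert(blob.end(), p, p + sizeof e);
}

// Constructed sample: a minimal auxv for a 64-bit process, with a stray entry
// after AT_NULL that a correct parser must ignore. Addresses are made up.
std::vector<uint8_t> sample_auxv() {
    std::vector<uint8_t> blob;
    push_entry(blob, AT_PHDR, 0x400040);
    push_entry(blob, AT_ENTRY, 0x401000);
    push_entry(blob, AT_RANDOM, 0x7ffc0000ab10);
    push_entry(blob, AT_NULL, 0);
    push_entry(blob, AT_ENTRY, 0xdead);  // beyond the terminator: must be ignored
    return blob;
}
```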

serge1 commented 2 years ago

Thank you for your comment! So, what do you propose? Is it just adding ELF auxiliary vector structure definitions into the library? If so, I have no objection. Do you have in mind anything else?

XutaxKamay commented 2 years ago

I'm glad it helped.

Yes, just adding the auxv structure and the enums related to it into the library. I use them for my ELF injector, that's why. :)

And no, I don't have anything else in mind, but if I ever do, I'll make another "issue" for it.

Do you want me to do the pull request or you would like to do it yourself?

Also thank you for the library, it's very useful and can be included nicely into projects.

serge1 commented 2 years ago

> Do you want me to do the pull request or you would like to do it yourself?

I'll be glad to get PR from you. You know better what the actual need is.

> Also thank you for the library, it's very useful and can be included nicely into projects.

Thank you very much for your compliments and usage of the library!

XutaxKamay commented 2 years ago

> > Do you want me to do the pull request or you would like to do it yourself?
>
> I'll be glad to get PR from you. You know better what the actual need is.
>
> > Also thank you for the library, it's very useful and can be included nicely into projects.
>
> Thank you very much for your compliments and usage of the library!

Alright, I'll do it when I get a bit of time. :)

No need to thank me, thank you for your work.

serge1 commented 2 years ago

Solved by PR #105.