shellphish / how2heap

A repository for learning various heap exploitation techniques.
MIT License

Not working on ubuntu 22.04, version `GLIBC_2.34' not found #169

Closed r888800009 closed 9 months ago

r888800009 commented 9 months ago

Hello, compiling the PoC on the ubuntu 22.04 docker image will link to /lib/x86_64-linux-gnu/libc.so.6 and not to a specific libc version. This problem only occurs when using ubuntu 22.04; ubuntu 20.04 works fine.

docker run --rm -it ubuntu:22.04
apt update
apt -y install patchelf zstd python-is-python3 make git gcc
git clone https://github.com/shellphish/how2heap
cd how2heap
make clean all
./glibc_run.sh 2.31 ./malloc_playground -r
Getting 2.31-0ubuntu9.12_amd64
  -> Location: https://mirror.tuna.tsinghua.edu.cn/ubuntu/pool/main/g/glibc/libc6_2.31-0ubuntu9.12_amd64.deb
  -> Downloading libc binary package
Failed to download package from https://mirror.tuna.tsinghua.edu.cn/ubuntu/pool/main/g/glibc/libc6_2.31-0ubuntu9.12_amd64.deb
Getting 2.31-0ubuntu9.12_amd64
  -> Location: http://old-releases.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.31-0ubuntu9.12_amd64.deb
  -> Downloading libc binary package
Failed to download package from http://old-releases.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.31-0ubuntu9.12_amd64.deb
/work/how2heap
INERPERETER as ./glibc_versions/2.31/x64/lib/ld-2.31.so for ./malloc_playground
RPATH as ./glibc_versions/2.31/x64/lib
./malloc_playground: ./glibc_versions/2.31/x64/lib/libc.so.6: version `GLIBC_2.34' not found (required by ./malloc_playground)

Kyle-Kyle commented 9 months ago

It seems that the error first comes from Failed to download package from https://mirror.tuna.tsinghua.edu.cn/ubuntu/pool/main/g/glibc/libc6_2.31-0ubuntu9.12_amd64.deb. So, somehow it fails to download the correct libc. I'll investigate what's going on.

Kyle-Kyle commented 9 months ago

It turns out the issue is on symbol versioning. In glibc 2.34, glibc introduced a new version of __libc_start_main (https://sourceware.org/bugzilla/show_bug.cgi?id=23323). So, every binary compiled in an environment after glibc-2.34 will try to link with __libc_start_main@GLIBC_2.34 instead of __libc_start_main@GLIBC_2.2.5. But glibc-2.31 (the one you are trying to link against) is not aware of the new version, so it errors out. To solve this issue, you'd have to compile the malloc_playground in an environment before glibc-2.34 and then link it with glibc-2.31. Or link it with a libc that's higher than or equal to glibc-2.34. Some extra reference: https://github.com/wheybags/glibc_version_header
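The mismatch described above can be spotted before running anything: the binary records the symbol versions it needs in its `.gnu.version_r` section, and a libc records the versions it defines in `.gnu.version_d`. The script below is an added example, not part of this issue thread or of how2heap's own code; it reads both sections with `readelf -V` (binutils) and reports every `GLIBC_x.y` version the binary requires that the target libc does not define. The function names (`required_versions`, `provided_versions`, `missing_versions`, `check_binary_against_libc`) and the constructed version lists in `demo_from_issue` are assumptions for illustration; the lists mirror the situation in this issue (a binary built on glibc 2.35 against a 2.31 libc).

```shell
#!/bin/sh
# Hypothetical pre-flight check: does a target libc define every GLIBC_x.y
# symbol version that a binary requires? (added example, not how2heap code)

# GLIBC_* versions a binary requires, taken from its "Version needs" section.
required_versions() {
    readelf -V "$1" \
      | awk '/Version needs section/{n=1} /Version definition section/{n=0} n' \
      | grep -o 'GLIBC_[0-9.]*' | sort -u
}

# GLIBC_* versions a libc defines, taken from its "Version definition" section.
provided_versions() {
    readelf -V "$1" \
      | awk '/Version definition section/{d=1} /Version needs section/{d=0} d' \
      | grep -o 'GLIBC_[0-9.]*' | sort -u
}

# Pure comparison: $1 = whitespace-separated required versions,
# $2 = whitespace-separated provided versions. Prints each required
# version that is absent from the provided set, one per line.
missing_versions() {
    for v in $1; do
        printf '%s\n' $2 | grep -qx "$v" || printf '%s\n' "$v"
    done
}

# Run the check on real files; returns 1 when the libc is too old.
check_binary_against_libc() {
    bin=$1; libc=$2
    req=$(required_versions "$bin")
    prov=$(provided_versions "$libc")
    miss=$(missing_versions "$req" "$prov")
    if [ -n "$miss" ]; then
        echo "$bin needs versions that $libc does not define:"
        echo "$miss"
        return 1
    fi
    echo "$bin: all required GLIBC versions are defined by $libc"
    return 0
}

# Constructed data reproducing this issue: a binary built on glibc 2.35
# references __libc_start_main@GLIBC_2.34, but a 2.31 libc stops at GLIBC_2.31.
demo_from_issue() {
    req="GLIBC_2.2.5 GLIBC_2.34"
    prov="GLIBC_2.2.5 GLIBC_2.3 GLIBC_2.4 GLIBC_2.14 GLIBC_2.30 GLIBC_2.31"
    missing_versions "$req" "$prov"
}

# Usage: ./check.sh ./malloc_playground ./glibc_versions/2.31/x64/lib/libc.so.6
# With no arguments, show the constructed scenario from this issue.
if [ "$#" -ge 2 ]; then
    check_binary_against_libc "$1" "$2"
else
    echo "Versions missing from the 2.31 libc in the constructed scenario:"
    demo_from_issue
fi
```

Running it on the files from the session above would list `GLIBC_2.34`, which is exactly the version named in the loader's error message; an empty result means the `glibc_run.sh` invocation will at least get past symbol versioning.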

Kyle-Kyle commented 9 months ago

Since this is more of a glibc symbol versioning question, I'll not do anything about it. Please reopen the issue if you think more should be done in this repo.

oswalpalash commented 8 months ago

A work around would be to share the repo as a volume mount into a ubuntu:20.04 container and then build it in the container.

Kyle-Kyle commented 4 months ago

FYI, I just updated our make system today. By using some linker magic, you can now freely debug compiled binaries with every libc without the symbol versioning issue.

Kyle-Kyle commented 4 months ago

The relevant code can be found here: https://github.com/shellphish/how2heap/blob/master/Makefile#L59