shellphish / how2heap

A repository for learning various heap exploitation techniques.
MIT License

[Feature] Link libc during compile time instead of using ./glibc_run.sh #180

Closed goreil closed 4 months ago

goreil commented 4 months ago

Currently, when running a binary, it has to be run like this to run with the correct libc version. ./glibc_run.sh glibc_2.27/fastbin_dup

This creates some issues:

  1. It generates overhead and wait times for the libc to be downloaded and linked
  2. It creates issues like #169 and #178 for Ubuntu 22.04 forcing workarounds with docker.

Proposal:

Modify the Makefile, so it links to the specific libc versions directly like this: gcc -Xlinker -rpath=/default/path/to/libraries -Xlinker -I/default/path/to/libraries/ld.so program.c

which solves both issues.

I can work on this issue. Any comments?

Kyle-Kyle commented 4 months ago

I think this is a great idea! So people don't have to ./glibc_run.sh everything

Kyle-Kyle commented 4 months ago

oh btw, please make this optional because I think most people still want to link with their system libc

goreil commented 4 months ago

Sure! Optional is a good idea. Thanks for the input!

goreil commented 4 months ago

I realize this might be more complicated than expected.

The goal still is to have binaries directly linked against libc during the build, so there is a lot less wait time than running ./glibc_run.sh glibc_2.27/fastbin_dup all the time.

My initial implementation idea was:

  1. Download all libcs
  2. During compilation, compile with the -Xlinker -rpath=/default/path/to/libc to link targets against the downloaded libcs

Step 1 works and is in #182

For Step 2, I realize that I have too little experience with Makefile to get the syntax right.

goreil commented 4 months ago

I also experimented with just calling ./glibc_run.sh on every target in a loop, but this takes around 10 minutes until every rpath and interpreter is set.

Maybe this will be the final solution but I feel like 10 minutes is a long time to wait.

edd255 commented 4 months ago

PR #183 should fix this issue. You have to download the libcs and loader first, though.

Kyle-Kyle commented 4 months ago

I completely refactored how our make system works. Now you can make clean && H2H_USE_SYSTEM_LIBC=N make v2.27 and all the binaries will be linked against the correct libcs.

ldd glibc_2.27/house_of_spirit
    linux-vdso.so.1 (0x00007ffd8e3e9000)
    libc.so.6 => ....../how2heap/glibc-all-in-one/libs/2.27-3ubuntu1.5_amd64/libc.so.6 (0x00007c531c600000)
    libdl.so.2 => ....../how2heap/glibc-all-in-one/libs/2.27-3ubuntu1.5_amd64/libdl.so.2 (0x00007c531c200000)
    ....../how2heap/glibc-all-in-one/libs/2.27-3ubuntu1.5_amd64/ld-2.27.so => /lib64/ld-linux-x86-64.so.2 (0x00007c531ca30000)

Kyle-Kyle commented 4 months ago

I'll close the issue now. But feel free to let me know if you encounter any issues :)

goreil commented 4 months ago

Works great! Thank you so much! :+1:

There is a small bug with the download on some versions like v2.24, but #185 should fix the issue.
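The approach the thread converges on (an optional switch that bakes the rpath and program interpreter of a downloaded glibc into each binary at link time, so no post-build ./glibc_run.sh pass is needed) can be sketched as a Makefile fragment. This is an added illustration, not the how2heap Makefile from #183 or the refactor described above; the variable name H2H_USE_SYSTEM_LIBC comes from the thread, while the glibc-all-in-one directory layout, the CFLAGS, the loader file name pattern and the check target are assumptions. `-Wl,` is used instead of `-Xlinker`; the two are equivalent ways to pass options to ld.

```make
# Added example (not the project's Makefile): link how2heap targets against a
# downloaded glibc instead of the system one when H2H_USE_SYSTEM_LIBC=N.
# Assumed layout: glibc-all-in-one/libs/<ver>/ holds libc.so.6 and the loader.
CC                  ?= gcc
CFLAGS              ?= -g
H2H_USE_SYSTEM_LIBC ?= Y
GLIBC_VERSION       ?= 2.27
LIBC_DIR            ?= glibc-all-in-one/libs/$(GLIBC_VERSION)-3ubuntu1.5_amd64

ifeq ($(H2H_USE_SYSTEM_LIBC),N)
  # Older releases ship ld-<ver>.so, newer ones ld-linux-x86-64.so.2; take whichever exists.
  LOADER := $(firstword $(wildcard $(LIBC_DIR)/ld-*.so*))
  ifeq ($(LOADER),)
    $(error no dynamic loader found in $(LIBC_DIR); download the libc first)
  endif
  # rpath makes libc.so.6 resolve inside LIBC_DIR; --dynamic-linker sets PT_INTERP,
  # so the binary starts under the matching ld.so without any patchelf step.
  LDFLAGS += -Wl,-rpath=$(abspath $(LIBC_DIR)) \
             -Wl,--dynamic-linker=$(abspath $(LOADER))
endif

SRCS := $(wildcard glibc_$(GLIBC_VERSION)/*.c)
BINS := $(SRCS:.c=)

.PHONY: all check clean
all: $(BINS)

# LDFLAGS go last so the rpath/interpreter options are not shadowed by defaults.
glibc_$(GLIBC_VERSION)/%: glibc_$(GLIBC_VERSION)/%.c
	$(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)

# Confirm each binary requests the downloaded loader and resolves libc.so.6 there
# (same check the ldd output in the thread shows); needs binutils' readelf and ldd.
check: $(BINS)
	@for b in $(BINS); do \
	  echo "== $$b"; \
	  readelf -l $$b | grep 'Requesting program interpreter'; \
	  ldd $$b | grep 'libc.so.6'; \
	done

clean:
	rm -f $(BINS)
```

Build with `make H2H_USE_SYSTEM_LIBC=N GLIBC_VERSION=2.27 check`; when the variable is left at its default Y no extra linker flags are added and the system libc is used, which matches the "keep it optional" request above.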