[HN Gopher] PatchELF: Simple utility for modifying existing ELF ...
___________________________________________________________________
PatchELF: Simple utility for modifying existing ELF executables and
libraries
Author : ingve
Score : 83 points
Date : 2021-05-07 18:59 UTC (4 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| NieDzejkob wrote:
| Apart from adapting proprietary or hard-to-compile software to
| non-FHS distros like NixOS or Guix, what are the usecases of
| patchelf?
| eikenberry wrote:
| Sounds like something that would make binary patching easier.
| Lack of simple binary patching is one of the key bits missing
| that would make switching to static binaries more viable.
| Currently one of the big upsides to dynamic libraries is the
| bandwidth they save in distribution where binary patches would
| go a long way to addressing this.
| dathinab wrote:
| Needing a LD_PRELOAD on a system where LD_PRELOAD is blocked.
|
| Sure it still requires you to have rights to create+run a
| executable.
|
| But it's a much better model then LD_PRELOAD as it can only be
| used on executable you can write to, which normally means you
| your user/group but not other user/group owned executables.
| Which is especially relevant with suid/sgid.
|
| You can also use this, to patch a library which is compiled in
| a way where LD_PRELOAD doesn't work. Like suid binaries.
| Through you have to potentially make a copy and set the suid
| bit again.
| bregma wrote:
| Some of the things it does are extremely handy for simple
| privilege escalation attacks.
| cyberpunk wrote:
| Got a link to more reading on this? Super interested.
| saagarjha wrote:
| It's an easy way to modify the binary to load extra code,
| which can alter how it behaves.
| blackfawn wrote:
| Being able to add or update the rpath on apps and shared
| objects is pretty handy, particularly when the target would be
| annoying or problematic to rebuild.
| formerly_proven wrote:
| To add, there's chrpath(1), but that can't grow the field in
| the ELF file, so you can only change the rpath to something
| _shorter_ than it is now, and usually it 's empty.
| Falell wrote:
| I've used it to edit a binary's rpath as part of relocating
| binaries that really want to be installed at a certain path.
|
| You can do this yourself with e.g. hexedit if your new path is
| shorter but if it's longer you need something smarter, like
| patchelf.
| hvdijk wrote:
| You don't even need to patch it to include a certain path,
| you can use (and I have used) it to include $ORIGIN or
| $ORIGIN/../lib in programs' RPATHs.
|
| Be careful about when this is and isn't okay though. When
| used wrong this can be a security risk, such as when your
| browser auto-downloads files to a Downloads folder, and the
| program you are patching is also in there.
| geofft wrote:
| We use this at my workplace to add $ORIGIN-relative rpaths to
| third-party dependencies of internal code, since we want to
| distribute/version those along with the code, not with the OS,
| and we also don't want to distribute them in the medium of OS
| packages (so you don't have to be root, so we don't risk
| messing up the base OS, etc.). In many senses that's just a
| "non-FHS distro," but it's arguably not a distro at all.
|
| Even for easy-to-compile third-party code, squeezing -Wl,-rpath
| into all the right places is more of a pain than you'd hope, so
| we just run patchelf on everything in the third-party directory
| at the end of the build, regardless of whether the "build" is
| an actual build or just an untar of proprietary software.
| dannyz wrote:
| Lots of Python packages containing native code are optionally
| distributed with pre-compiled libraries that have been modified
| with patchelf. I believe both auditwheel
| (https://pypi.org/project/auditwheel/) and conda-build do this.
| dimator wrote:
| Yes. Auditwheel inspects the native python parts and shoves
| any external .so dependencies _into_ the wheel, making it
| hermetic.
| phissenschaft wrote:
| Super useful for updating rpath!
| kelvie wrote:
| https://nixos.org/guides/nix-pills/automatic-runtime-depende...
|
| Part of the excellent "nix pills" guide on why things are the way
| they are in Nix, and why this tool was created.
|
| The whole series is a pretty easy evening read if you have
| experience in functional languages (like haskell), and really
| helps you appreciate what nix is doing.
|
| One of my main reservations about Nix and introducing it at work
| is basically requiring that other developers wrap their minds
| around functional concepts like partial application.
|
| This might just be an imagined problem, but not one I want to
| spend cycles explaining to the higher-ups
| mkhnews wrote:
| Thank you for this great tool.
| stabbles wrote:
| Patchelf is almost always broken, and when they merge fixes they
| don't release a new version right away. Between 2014-2019 running
| patchelf+strip would corrupt binaries, after the fix running
| patchelf twice on the same binary would corrupt it. And now
| patchelf doesn't work on all binaries, there's a bugfix merged
| https://github.com/NixOS/patchelf/pull/230 merged Nov 19, 2020,
| but no release since then.
|
| Also patchelf exposed a bug in ldconfig noted 11 years ago and
| only fixed in glibc 2.31: https://nix-
| dev.science.uu.narkive.com/q6Ww5fyO/ldconfig-pro...
|
| And currently patchelf still has a bug:
| https://github.com/NixOS/patchelf/pull/275
|
| Apparently elf files are hard.
| ornxka wrote:
| I'm not really sure why it has to be that hard, like, why don't
| we just use base64-encoded JSON or something?
| jchw wrote:
| To be fair, patching existing binaries isn't all that easy to
| begin with. Once you need to start moving around structures, a
| lot of bets are off. In case of NixOS, I'm sure the long nix
| store paths added often overflow structures and require
| workarounds to avoid breaking images. Hacking around Win32 PE
| images, I've run into a lot of tricky subtle issues over
| time...
| stabbles wrote:
| Yeah, it wasn't meant to criticize the project as a whole;
| I'm happy that at least someone took on the project of
| "growing" the rpath section... My only point of critique is
| they should immediately tag a new version after a bug fix,
| cause many distro's have buggy versions of patchelf.
___________________________________________________________________
(page generated 2021-05-07 23:00 UTC)