[HN Gopher] PatchELF: Simple utility for modifying existing ELF ... ___________________________________________________________________ PatchELF: Simple utility for modifying existing ELF executables and libraries Author : ingve Score : 83 points Date : 2021-05-07 18:59 UTC (4 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | NieDzejkob wrote: | Apart from adapting proprietary or hard-to-compile software to | non-FHS distros like NixOS or Guix, what are the usecases of | patchelf? | eikenberry wrote: | Sounds like something that would make binary patching easier. | Lack of simple binary patching is one of the key bits missing | that would make switching to static binaries more viable. | Currently one of the big upsides to dynamic libraries is the | bandwidth they save in distribution where binary patches would | go a long way to addressing this. | dathinab wrote: | Needing a LD_PRELOAD on a system where LD_PRELOAD is blocked. | | Sure it still requires you to have rights to create+run a | executable. | | But it's a much better model then LD_PRELOAD as it can only be | used on executable you can write to, which normally means you | your user/group but not other user/group owned executables. | Which is especially relevant with suid/sgid. | | You can also use this, to patch a library which is compiled in | a way where LD_PRELOAD doesn't work. Like suid binaries. | Through you have to potentially make a copy and set the suid | bit again. | bregma wrote: | Some of the things it does are extremely handy for simple | privilege escalation attacks. | cyberpunk wrote: | Got a link to more reading on this? Super interested. | saagarjha wrote: | It's an easy way to modify the binary to load extra code, | which can alter how it behaves. | blackfawn wrote: | Being able to add or update the rpath on apps and shared | objects is pretty handy, particularly when the target would be | annoying or problematic to rebuild. | formerly_proven wrote: | To add, there's chrpath(1), but that can't grow the field in | the ELF file, so you can only change the rpath to something | _shorter_ than it is now, and usually it 's empty. | Falell wrote: | I've used it to edit a binary's rpath as part of relocating | binaries that really want to be installed at a certain path. | | You can do this yourself with e.g. hexedit if your new path is | shorter but if it's longer you need something smarter, like | patchelf. | hvdijk wrote: | You don't even need to patch it to include a certain path, | you can use (and I have used) it to include $ORIGIN or | $ORIGIN/../lib in programs' RPATHs. | | Be careful about when this is and isn't okay though. When | used wrong this can be a security risk, such as when your | browser auto-downloads files to a Downloads folder, and the | program you are patching is also in there. | geofft wrote: | We use this at my workplace to add $ORIGIN-relative rpaths to | third-party dependencies of internal code, since we want to | distribute/version those along with the code, not with the OS, | and we also don't want to distribute them in the medium of OS | packages (so you don't have to be root, so we don't risk | messing up the base OS, etc.). In many senses that's just a | "non-FHS distro," but it's arguably not a distro at all. | | Even for easy-to-compile third-party code, squeezing -Wl,-rpath | into all the right places is more of a pain than you'd hope, so | we just run patchelf on everything in the third-party directory | at the end of the build, regardless of whether the "build" is | an actual build or just an untar of proprietary software. | dannyz wrote: | Lots of Python packages containing native code are optionally | distributed with pre-compiled libraries that have been modified | with patchelf. I believe both auditwheel | (https://pypi.org/project/auditwheel/) and conda-build do this. | dimator wrote: | Yes. Auditwheel inspects the native python parts and shoves | any external .so dependencies _into_ the wheel, making it | hermetic. | phissenschaft wrote: | Super useful for updating rpath! | kelvie wrote: | https://nixos.org/guides/nix-pills/automatic-runtime-depende... | | Part of the excellent "nix pills" guide on why things are the way | they are in Nix, and why this tool was created. | | The whole series is a pretty easy evening read if you have | experience in functional languages (like haskell), and really | helps you appreciate what nix is doing. | | One of my main reservations about Nix and introducing it at work | is basically requiring that other developers wrap their minds | around functional concepts like partial application. | | This might just be an imagined problem, but not one I want to | spend cycles explaining to the higher-ups | mkhnews wrote: | Thank you for this great tool. | stabbles wrote: | Patchelf is almost always broken, and when they merge fixes they | don't release a new version right away. Between 2014-2019 running | patchelf+strip would corrupt binaries, after the fix running | patchelf twice on the same binary would corrupt it. And now | patchelf doesn't work on all binaries, there's a bugfix merged | https://github.com/NixOS/patchelf/pull/230 merged Nov 19, 2020, | but no release since then. | | Also patchelf exposed a bug in ldconfig noted 11 years ago and | only fixed in glibc 2.31: https://nix- | dev.science.uu.narkive.com/q6Ww5fyO/ldconfig-pro... | | And currently patchelf still has a bug: | https://github.com/NixOS/patchelf/pull/275 | | Apparently elf files are hard. | ornxka wrote: | I'm not really sure why it has to be that hard, like, why don't | we just use base64-encoded JSON or something? | jchw wrote: | To be fair, patching existing binaries isn't all that easy to | begin with. Once you need to start moving around structures, a | lot of bets are off. In case of NixOS, I'm sure the long nix | store paths added often overflow structures and require | workarounds to avoid breaking images. Hacking around Win32 PE | images, I've run into a lot of tricky subtle issues over | time... | stabbles wrote: | Yeah, it wasn't meant to criticize the project as a whole; | I'm happy that at least someone took on the project of | "growing" the rpath section... My only point of critique is | they should immediately tag a new version after a bug fix, | cause many distro's have buggy versions of patchelf. ___________________________________________________________________ (page generated 2021-05-07 23:00 UTC)