[Ltrace-devel] Patch for 32-bit secure PLTs on PowerPC

PAUL GILLIAM pgilliam at us.ibm.com
Fri Mar 3 00:38:34 UTC 2006


Recently, the ABI for 32-bit PowerPC applications was changed to make it
more secure.  Essentially, entries in the PLT were changed from
executable jump instructions to non-executable pointers.  This made the
32-bit ABI more like the 64-bit one and closed a possible security
weakness.

With the old ABI, ltrace would place a trap instruction in the PLT
entry for each library routine.  With a secure PLT, this would cause a
segfault when the binary for a trap instruction was treated like an
address and jumped to.

The attached patch upgrades ltrace to work with the new ABI.

I tried to make the patch 'architecture transparent', but I did add an
"#ifdef __powerpc__" in process_event.c and I want to explain it a
little.  I suspect that it doesn't need to be "#ifdef"ed, but I haven't
had a chance to test it on anything other than a PowerPC-64 box.

The added code deals with a strange artifact of the new ABI: the initial
PLT entries point into an area called the '.glink' section that contains
jumps to PLTresolve, part of the dynamic linker.  The problem is that
some of the entries at the end of the '.glink' section are not jumps,
but nops.  Normally, this is fine because they all just fall into
PLTresolve.  But when we stick break-points in the .glink table, initial
calls of the affected library routines fall into the trap instructions
for other library routines.  This messes up ltrace's idea of the call
stack.

This code doesn't really need to be "#ifdef"ed because the circumstances
it looks for are not likely to occur on any other architecture.

**** NOTE ****  This patch is against *my* version of the source.  I
will convert it to a patch against the canonical source when I get
access to it.

-=# Paul #=-


-------------- next part --------------
A non-text attachment was scrubbed...
Name: secure.patch
Type: text/x-patch
Size: 35866 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/ltrace-devel/attachments/20060302/6d221865/secure-0001.bin
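Added example, not part of the original message and not the code in secure.patch: a small model of the .glink fall-through described above, showing how one first call through a nop stub fires several breakpoints and how a tracer can count it as a single call. The names glink_walk, count_real_calls and SAMPLE_GLINK are hypothetical, and the one-word-per-stub layout is a constructed simplification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PPC_NOP 0x60000000u                /* ori 0,0,0 */
#define IS_BRANCH(w) (((w) >> 26) == 18u)  /* primary opcode 18: b/bl */

/* Constructed .glink image, one word per stub (a simplification).
 * PLTresolve is assumed to start right after the last word. */
static const uint32_t SAMPLE_GLINK[4] = {
    0x48000010u,  /* stub 0: b +16 */
    0x4800000cu,  /* stub 1: b +12 */
    PPC_NOP,      /* stub 2: falls into stub 3 */
    PPC_NOP,      /* stub 3: falls into PLTresolve */
};

/* Follow a first call entering at stub `entry` with a breakpoint on
 * every stub. Stores the index of each breakpoint that fires in
 * hits[] (capacity n) and returns how many fired. */
size_t glink_walk(const uint32_t *glink, size_t n, size_t entry, size_t *hits)
{
    size_t count = 0;
    for (size_t pc = entry; pc < n; pc++) {
        hits[count++] = pc;
        if (IS_BRANCH(glink[pc]))
            break;              /* control leaves for PLTresolve */
    }
    return count;
}

/* Count hits that are real calls: a hit on the stub directly after a
 * nop stub that was just hit is a fall-through, not a new call. */
size_t count_real_calls(const uint32_t *glink, const size_t *hits, size_t nhits)
{
    size_t calls = 0;
    for (size_t i = 0; i < nhits; i++) {
        int fell = i > 0 && hits[i] == hits[i - 1] + 1 && glink[hits[i - 1]] == PPC_NOP;
        calls += !fell;
    }
    return calls;
}

int main(void)
{
    size_t hits[4];
    size_t n = glink_walk(SAMPLE_GLINK, 4, 2, hits);
    printf("breakpoints hit: %zu, real calls: %zu\n", n, count_real_calls(SAMPLE_GLINK, hits, n));
    return 0;
}
```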

