Re: Offset2lib: bypassing full ASLR on 64bit Linux

[Andy Lutomirski <luto () amacapital net>]

On 12/05/2014 04:44 PM, Hanno Böck wrote:
> On Fri, 05 Dec 2014 17:43:44 -0500
> Daniel Kahn Gillmor <dkg-QLrU/DhXBlmnlhUoGqYIEF6hYfS7NtTn () public gmane org> wrote:
>
> > i couldn't find a reference to this in the nautilus bugtracker, so i
> > just posted:
> >
> >  https://bugzilla.gnome.org/show_bug.cgi?id=741183
>
> I tried to dig into this a bit. I'm not really sure, but based on the
> output I assume nautilus is relying on file or libmagic to assess the
> file type.
>
> And that's what fails:
> $ file --mime-type pie
> pie: application/x-sharedlib
>
>
> It seems there is no really easy way to separate executables from
> shared libraries and whether this should be considered a bug in
> file/libmagic. The only thing I quickly found that would be possible is
> searching if a SONAME is present. libmagic uses some "magic" file
> format to parse files, I don't know if that's capable of such complex
> parsing.

Why does gcc and/or ld write a non-zero entry point?  If they didn't,
that would be an easy way to check.

--Andy

> (oh, btw, this is one more reason to wipe out potential security bugs
> in file...)