
Bypass VDSO More Robustly

Open DavidBuchanan314 opened this issue 5 years ago • 2 comments

As described here: https://news.ycombinator.com/item?id=14200889

DavidBuchanan314 • Jul 06 '20 15:07

The suggested way to drop vdso in the linked gist doesn't work for me. What does work for me is using dlopen to open novdso.so with the flags RTLD_NOW and RTLD_DEEPBIND. This is just a workaround that allows the same LD_PRELOAD "trick" to work at the library (rather than user) level.

maxbla • Oct 24 '20 23:10

@maxbla I have a fix for this that I will post later today, inspired by the gist, so there is no need for novdso.so anymore. The reason it probably didn't work for you is that you've modified the vdso of the tracer, not the tracee, so I fixed it with some ptrace magic.

bigb4ng • Apr 20 '24 09:04
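An added example, not code from this thread, the gist, or the project: each process has its own auxiliary vector, and its `AT_SYSINFO_EHDR` entry is what tells the dynamic loader where the vDSO is, so a change made to the tracer's copy leaves the tracee still using the vDSO. Rewriting that entry to `AT_IGNORE` is an assumption here about how the vDSO is hidden (the thread does not say what the fix does), and the helper names and sample addresses are constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Linux ABI values (see <elf.h>), redefined so the block is self-contained. */
#define AUX_NULL          0UL  /* AT_NULL: end of the vector */
#define AUX_IGNORE        1UL  /* AT_IGNORE: entry is skipped by the loader */
#define AUX_SYSINFO_EHDR 33UL  /* AT_SYSINFO_EHDR: base address of the vDSO */

struct auxent { unsigned long type, val; };  /* native-width auxv entry */

/* Return the vDSO base advertised in an auxv, or 0 if none is advertised. */
unsigned long auxv_vdso_base(const struct auxent *av, size_t n) {
    for (size_t i = 0; i < n && av[i].type != AUX_NULL; i++)
        if (av[i].type == AUX_SYSINFO_EHDR)
            return av[i].val;
    return 0;
}

/* Assumed technique: turn AT_SYSINFO_EHDR into AT_IGNORE in this auxv only.
 * Returns the number of entries rewritten. */
size_t auxv_hide_vdso(struct auxent *av, size_t n) {
    size_t changed = 0;
    for (size_t i = 0; i < n && av[i].type != AUX_NULL; i++)
        if (av[i].type == AUX_SYSINFO_EHDR) { av[i].type = AUX_IGNORE; changed++; }
    return changed;
}

/* Read /proc/<pid>/auxv ("self" is accepted); entry count, or -1 on error. */
long read_proc_auxv(const char *pid, struct auxent *av, size_t max) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%s/auxv", pid);
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(av, sizeof *av, max, f);
    fclose(f);
    return (long)n;
}

/* Usage: ./a.out [pid]  -- run it against the tracee's pid, not the tracer's. */
int main(int argc, char **argv) {
    struct auxent av[64];
    const char *pid = argc > 1 ? argv[1] : "self";
    long n = read_proc_auxv(pid, av, 64);
    if (n < 0) { perror("auxv"); return 1; }
    printf("pid %s vDSO base: %#lx\n", pid, auxv_vdso_base(av, (size_t)n));
    return 0;
}
```

`/proc/<pid>/auxv` reflects the vector as passed at exec time, so this check shows which process was started with a vDSO advertised; it does not reflect later edits to the copy on the process stack.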