force_bind
force_bind copied to clipboard
Published
20 hours ago •
meebey
meebey
Segfaults when using force_bind
Hi,
I have some segfaults when using some basic commands (less, man, cat), while having force_bind.so in LD_PRELOAD.
This produces segfault :
user@host:~$ cd /tmp/
user@host:/tmp$ export LD_PRELOAD=force_bind.so:
user@host:/tmp$ touch foo
user@host:/tmp$ less foo
Segmentation fault
user@host:/tmp$
Here is an strace when running less foo :
execve("/usr/bin/less", ["less", "foo"], [/* 19 vars */]) = 0
brk(0) = 0xad6000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a57000
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=21754, ...}) = 0
mmap(NULL, 21754, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4c31a51000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/tls/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64-linux-gnu/tls/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/tls/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64-linux-gnu/tls", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64-linux-gnu/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
open("/usr/lib/x86_64-linux-gnu/tls/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64-linux-gnu/tls/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/tls/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64-linux-gnu/tls", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64-linux-gnu/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64-linux-gnu", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
open("/lib/tls/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/tls/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/tls/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/tls", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/lib/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/lib/tls/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/tls/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/tls", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64/force_bind.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib/x86_64", 0x7fff7b7724b0) = -1 ENOENT (No such file or directory)
open("/usr/lib/force_bind.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|S_ISUID|S_ISGID|0755, st_size=127107, ...}) = 0
mmap(NULL, 2116864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4c31635000
mprotect(0x7f4c3163a000, 2093056, PROT_NONE) = 0
mmap(0x7f4c31839000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0x7f4c31839000
close(3) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libtinfo.so.5", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\323\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=167952, ...}) = 0
mmap(NULL, 2264608, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4c3140c000
mprotect(0x7f4c31431000, 2093056, PROT_NONE) = 0
mmap(0x7f4c31630000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f4c31630000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\357\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1595408, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a50000
mmap(NULL, 3709016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4c31082000
mprotect(0x7f4c31202000, 2097152, PROT_NONE) = 0
mmap(0x7f4c31402000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x180000) = 0x7f4c31402000
mmap(0x7f4c31407000, 18520, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4c31407000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14768, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4c30e7e000
mprotect(0x7f4c30e80000, 2097152, PROT_NONE) = 0
mmap(0x7f4c31080000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f4c31080000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a4f000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a4e000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a4d000
arch_prctl(ARCH_SET_FS, 0x7f4c31a4e700) = 0
mprotect(0x7f4c31080000, 4096, PROT_READ) = 0
mprotect(0x7f4c31402000, 16384, PROT_READ) = 0
mprotect(0x7f4c31630000, 16384, PROT_READ) = 0
mprotect(0x620000, 4096, PROT_READ) = 0
mprotect(0x7f4c31a59000, 4096, PROT_READ) = 0
munmap(0x7f4c31a51000, 21754) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
brk(0) = 0xad6000
brk(0xaf7000) = 0xaf7000
stat("/home/nicolas/.terminfo", 0x7fff7b771290) = -1 ENOENT (No such file or directory)
stat("/etc/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/etc/terminfo/x/xterm", R_OK) = -1 ENOENT (No such file or directory)
stat("/lib/terminfo", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/lib/terminfo/x/xterm", R_OK) = 0
open("/lib/terminfo/x/xterm", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3315, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a56000
read(3, "\32\1)\0&\0\17\0\235\1Z\5xterm|xterm-debian|X"..., 4096) = 3315
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f4c31a56000, 4096) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=72, ws_col=270, ws_xpixel=0, ws_ypixel=0}) = 0
ioctl(2, TIOCGWINSZ, {ws_row=72, ws_col=270, ws_xpixel=0, ws_ypixel=0}) = 0
open("/usr/bin/.sysless", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/sysless", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/home/nicolas/.less", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2031648, ...}) = 0
mmap(NULL, 2031648, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4c3185c000
close(3) = 0
open("/home/nicolas/.lesshst", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0600, st_size=277, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4c31a56000
read(3, ".less-history-file:\n.search\n\"log"..., 4096) = 277
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f4c31a56000, 4096) = 0
open("/dev/tty", O_RDONLY) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
fsync(3) = -1 EINVAL (Invalid argument)
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(3, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigaction(SIGINT, {0x414760, [INT], SA_RESTORER|SA_RESTART, 0x7f4c310b44f0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, {0x4146e0, [TSTP], SA_RESTORER|SA_RESTART, 0x7f4c310b44f0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x414720, [WINCH], SA_RESTORER|SA_RESTART, 0x7f4c310b44f0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [QUIT], SA_RESTORER|SA_RESTART, 0x7f4c310b44f0}, {SIG_DFL, [], 0}, 8) = 0
stat("foo", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
stat("foo", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
open("foo", O_RDONLY) = 4
lseek(4, 1, SEEK_SET) = 1
lseek(4, 0, SEEK_SET) = 0
read(4, "", 256) = 0
lseek(4, 1, SEEK_SET) = 1
fstat(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
lseek(4, 0, SEEK_SET) = 0
stat("foo", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Segmentation fault
Force bind is compiled from latest git, on a machine running Debian Wheezy amd64.
Regards,
N-Mi.
This library is a pure hack and should only be used for programs that need to use a specific IP and not all programs. In general I can't recommend to use it for anything important as it is a hack that can break programs easily.
