ansaurus

Question

How few a files does it take to load a program on Linux?

Answer 1

A:

no need for any ELF loader. to check what dynamic libraries you need do ldd <executable>. If you manage to static compile everything, it won't need any .so. Beyond that, it's only about the data and directory structure your program might need.

But all this is only if you use the /usr/bin/chroot command; if you make your program call int chroot(const char *path); itself after making sure all dynamic libraries are loaded, they you won't need anything on the directory sandbox. not even the executable itself.

edit: A different idea: use TCC (or rather, libtcc to compile, link, load and run the given C chunk. run the whole process inside an 'outer' chroot jail, dropping to an 'inner' (empty) one just before execution. (of course, execute in a fork(), or you won't be able to break out of the 'inner' jail to the 'outer' one). You might also take advantage of libtcc's bound's checked execution.

Javier 2010-05-07 02:31:13

You **must not** run ldd on an untrusted executable! ldd actually *runs the executable*.

derobert 2010-05-07 02:33:55

well, it's not an executable, it's C source code that he compiles himself. of course, it doesn't make that trusted; but he could insert the chroot() call and compile statically. any well-behaved source should run without anything on the jail; if it still needs anything else, i wouldn't call it well-behaved.

Javier 2010-05-07 05:57:01

I was thinking of having the program get loaded post chroot.

BCS 2010-05-07 15:25:25

@Javier: Calling `getprotobyname` requires /etc/protocols; `getservbyname` requires /etc/services; `getipnodebyname` /etc/hosts, and /etc/resolv.conf or similar. All require /etc/nsswitch.conf,

derobert 2010-05-08 02:59:22

@derobert: i don't see any of these on the question

Javier 2010-05-08 10:50:27

@Javier: that was in response to your comment "any well-behaved source should run without anything on the jail; if it still needs anything else, i wouldn't call it well-behaved.". I'm just giving examples files that a well-behaved program may well need.

derobert 2010-05-08 18:26:37

@derobert: ah, i see. i was referring about the link requirements. of course, there can be lots of data requirements, such as those you mention.

Javier 2010-05-09 01:53:03

Answer 2

+2 A:

You don't need anything except the executable to run a statically-linked hello world. You will, of course, need a lot more to compile it.

You can test this fairly easily, I did so with the following trivial C code:

#include <stdio.h>
int main() {
    puts("Hello, world\n");
    return 0;
}

compile it with gcc -static. Then make a new directory (I called it "chroot-dir"), move the output ("hello") into it. So the only file in the chroot is now the executable. Then run chroot chroot-dir ./hello, and you'll get Hello, world.

Note that there are some things that can not be compiled statically. For example, if your program does authentication (through PAM), PAM modules are always loaded dynamically. Also note that various files in /etc are needed for certain calls; any of the getpw* and getgr* functions, the domain name resolution functions, etc. will require nsswitch.conf (and some shared objects, and maybe more config files, and sometimes even more executables, depending on the lookup methods configured.) /etc/hosts, /etc/services, and /etc/protocols will probably be quite useful for any networking.

One easy way to figure out what files a program uses is to run it under strace. You must trust the program first, of course.

derobert 2010-05-07 02:31:46

Very nice answer! I wonder what it would take to normalize what can be used across systems: that only functions that are universally accessible are ever accessible.

BCS 2010-05-07 15:28:42

ansaurus

tags:

views:

answers:

How few a files does it take to load a program on Linux?

related questions