TUCoPS :: Unix :: General :: unix4858.htm

ELF libs & /proc
14th Nov 2001 [SBWID-4858]

	ELF libs & /proc


	most unixes


	grugq [  ]  has  introduced  a  .pdf  to  explain  the
	parasiting technique :

	Grabb the file at :

	Summary :

	Development of feature rich Unix parasites has been severely limited  by
	the inability to reliably access functions external to  the  host  file.
	Until now, it has been accepted as fact that  utilizing  libraries  from
	within parasite code is a prohibitively complex  task.  We  explore  the
	dynamic linking mechan- isms  of  the  Executable  and  Linkable  Format
	(ELF), and how these mechanisms can be bypassed  or  hijacked  to  allow
	parasite code access to shared objects. We demonstrate that  it  is  not
	only possible,  but  also  relatively  simple,  to  load  libraries  and
	resolve symbols using a methodology developed within  this  paper.  This
	methodology is simple to implement and can be  utilized  on  any  modern
	Unix supporting both the ELF and the /proc file system.  Implementations
	of this methodology  are  presented  for  each  of  three  popular  Unix
	variants: Linux, FreeBSD and Solaris.



