
DynELF libcdb feature requests #983


Closed
TethysSvensson opened this issue May 18, 2017 · 6 comments

@TethysSvensson
Contributor

  • The ability to turn downloading off and use in-memory resolving exclusively (should ignore the cache as well)
  • Update in the docs to show that the libcs are cached to find the downloaded libc.
  • Negative caching: If we cannot download a libc (bug, gitlab is down, the libc does not exist), this should be cached. At least an in-memory negative cache, but I would prefer if we put something time-limited in /tmp as well.
  • The local libc should be tried before using libcdb
  • Some of the hashes are broken, e.g. https://gitlab.com/libcdb/libcdb/raw/master/hashes/build_id/ca5c6cfe528af541c3c2c15cee4b3c74da4e2fb4. Could we add a test to make sure that all the links are working?
zachriggle self-assigned this May 22, 2017
@zachriggle
Member

Most of these are doable, with the exception of "Could we add a test to make sure that all the links are working?". There's no way to automate this externally, it'd have to be something done on the libcdb side.

@TethysSvensson
Contributor Author

Sure, I should have filed that on the libcdb repo.

@zachriggle
Member

Closed via #986

@TethysSvensson
Contributor Author

There are still a few things from the above list missing:

  • The negative caching should be time-limited (since libcdb might introduce more/fix broken symlinks)
  • The local libc should be tried

@zachriggle
Member

Good catch, thanks!

peace-maker added a commit to peace-maker/pwntools that referenced this issue Dec 30, 2023
The libc databases might be updated to include the searched version,
so a request that failed once might work in the future.

Refs Gallopsled#983
peace-maker added a commit to peace-maker/pwntools that referenced this issue Jan 2, 2024
Don't do any requests if the libc currently in use on the system
running the exploit matches already. This is a small short circuit
optimization when the remote target uses the same libc as the
local one.

This looks at the libc loaded by the local shell binary. This appears
more dynamic than hardcoding library paths.

Refs Gallopsled#983
peace-maker added a commit that referenced this issue Jan 30, 2024
* Retry failed lookups after one week in libcdb

The libc databases might be updated to include the searched version,
so a request that failed once might work in the future.

Refs #983

* Update CHANGELOG
peace-maker added a commit that referenced this issue Jan 30, 2024
* Match against local system libc first in libcdb

Don't do any requests if the libc currently in use on the system
running the exploit matches already. This is a small short circuit
optimization when the remote target uses the same libc as the
local one.

This looks at the libc loaded by the local shell binary. This appears
more dynamic than hardcoding library paths.

Refs #983

* Update CHANGELOG

* Handle missing SHELL envvar

* Fix hash lookup
@peace-maker
Member

The last two open items from the list are implemented now.
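
The time-limited negative caching discussed in this issue, shown as an added example that is not pwntools' own code. The `fetch` callable, the `.miss` marker-file layout and the `HASH_TYPES` set are assumptions made for illustration; the one-week expiry follows the commit message above.

```python
import os
import time

NEGATIVE_TTL = 7 * 24 * 60 * 60            # one week, per the commit message above
HASH_TYPES = ("build_id", "md5", "sha1", "sha256")   # assumed set of lookup keys


class LibcLookupCache:
    """Disk cache for libc lookups that stores hits and time-limited misses."""

    def __init__(self, directory, fetch, ttl=NEGATIVE_TTL, clock=time.time):
        self.directory = directory
        self.fetch = fetch    # hypothetical callable: (hash_type, digest) -> bytes or None
        self.ttl = ttl
        self.clock = clock    # injectable so expiry can be exercised without waiting
        os.makedirs(directory, exist_ok=True)

    def _path(self, hash_type, digest):
        # Hash type and digest become a file name, so reject anything but a
        # known type and plain hex before touching the disk.
        digest = digest.lower()
        if hash_type not in HASH_TYPES or not digest or set(digest) - set("0123456789abcdef"):
            raise ValueError("unexpected hash type or non-hex digest")
        return os.path.join(self.directory, "%s-%s" % (hash_type, digest))

    def _miss_is_fresh(self, miss):
        try:
            with open(miss) as f:
                return self.clock() - float(f.read()) < self.ttl
        except (OSError, ValueError):
            return False      # missing or corrupt marker: treat as expired

    def lookup(self, hash_type, digest):
        hit = self._path(hash_type, digest)
        miss = hit + ".miss"
        if os.path.exists(hit):
            with open(hit, "rb") as f:
                return f.read()
        if self._miss_is_fresh(miss):
            return None       # recent failure recorded: no request is made
        data = self.fetch(hash_type, digest)
        with open(miss if data is None else hit, "wb") as f:
            f.write(repr(self.clock()).encode() if data is None else data)
        if data is not None and os.path.exists(miss):
            os.unlink(miss)   # the database caught up: drop the stale marker
        return data
```

Storing the failure time inside the marker, and not as a bare flag, is what lets a later run retry once the database may have been updated.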
