[tor-dev] Torsocks 2.x issue - Need eyes on that

Ian Goldberg iang at cs.uwaterloo.ca
Tue Oct 29 20:41:02 UTC 2013


On Tue, Oct 29, 2013 at 03:10:50PM -0400, David Goulet wrote:
> That would work if there is a way I can "defer" the hijack of the
> syscall symbol... Unfortunately, this is done at linking time, thus
> during run time the syscall symbol is already hijacked by torsocks.
> 
> Let's say we don't try to look up the syscall symbol; the issue is that the
> original syscall libc pointer will NOT exist within torsocks code, so we
> can't handle calls to syscall() because we can't route them to libc. :S
> 
> It's really that we get into a kind of "infinite loop" where dlsym calls
> syscall, which calls dlsym, and so on. But in the first place, we at least
> need the libc syscall symbol so we can handle them.

Might it be possible to use objcopy tricks like --prefix-string or
--redefine-sym to make the exported version of syscall different from
the imported version?  Then the torsocks code could just call syscall()
as a normal libc function, linked by ld.so, but when firefox called
syscall, it would call torsocks's torsocks_syscall(), or something?

   - Ian

