[tor-dev] Torsocks 2.x issue - Need eyes on that
dgoulet at ev0ke.net
Wed Oct 30 01:19:19 UTC 2013
On 29 Oct (16:41:02), Ian Goldberg wrote:
> On Tue, Oct 29, 2013 at 03:10:50PM -0400, David Goulet wrote:
> > That would work if there is a way I can "differ" the hijack of the
> > syscall symbol... Unfortunately, this is done at linking time thus
> > during run time, the syscall symbol is already hijacked by torsocks.
> > Let say we don't try to lookup the syscall symbol, the issue is that the
> > original syscall libc pointer will NOT exists within torsocks code so we
> > can't handle call to syscall() because we can't route it to libc. :S
> > It's really that we get in a kind of "infinite loop" where dlsym calls
> > syscall that calls dlsym and so on. But in the first place, we at least
> > need the libc syscall symbol so we can handle them.
> Might it be possible to use objcopy tricks like --prefix-string or
> --redefine-sym to make the exported version of syscall different from
> the imported version? Then the torsocks code could just call syscall()
> as a normal libc function, linked by ld.so, but when firefox called
> syscall, it would call torsocks's torsocks_syscall(), or something?
I've played a bit with objcopy and redefining dynamic symbols is not
possible. And a stripped binary makes things harder also...
Unless you know a way to do that, I'll check in an other direction.
Big thanks Ian!
> - Ian
> tor-dev mailing list
> tor-dev at lists.torproject.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 620 bytes
Desc: Digital signature
More information about the tor-dev