Conversation

Notices

1. Embed this notice
   ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Sunday, 24-Aug-2025 18:23:34 JST ✧✦Catherine✦✧

   just like vmlinux embeds the vDSO, i think there should be a way to compile linux such that it embeds a copy of busybox, and all of the ELF loading code is bypassed in favor of mapping the executable into the new address space and transferring control to its entry point

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Sunday, 24-Aug-2025 19:11:26 JST ✧✦Catherine✦✧

     in reply to

     > Since Linux v4.18, a more advanced API called user mode driver is available to run a user mode helper. The basic idea behind this API is that instead of specifying a path to a file on the root file system, an arbitrary buffer can be provided. The content of this buffer will be executed in user space just like a regular program.

     upsettingly, kernel.org and the vendors is ahead of me here

   • Embed this notice
     dram🎀 (dramforever@mastodon.social)'s status on Sunday, 24-Aug-2025 19:25:45 JST dram🎀

     in reply to

     @whitequark still easier to make a builtin initramfs with just a /init though, i think

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 25-Aug-2025 02:35:52 JST ✧✦Catherine✦✧

     in reply to

     • Jann Horn

     @jann i know, i wrote like half a dozen of ELF loaders in my life. this is entirely an aesthetic thing

   • Embed this notice
     ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Monday, 25-Aug-2025 02:35:53 JST ✧✦Catherine✦✧

     in reply to

     • Jann Horn

     @jann i think the vDSO has a hardcoded header and segment mappings or something rather than parsing an actual ELF whenever it needs to be mapped

   • Embed this notice
     Jann Horn (jann@infosec.exchange)'s status on Monday, 25-Aug-2025 02:35:53 JST Jann Horn

     in reply to

     @whitequark ah yes the vdso section is just a VMA with a custom page fault handler that inserts PTEs pointing to an in-kernel buffer on demand (and vvar is basically like that, too).
     but ELF loading in the kernel isn't really all that complicated either, you basically go through an array of "please map this range to this location"...

   • Embed this notice
     Jann Horn (jann@infosec.exchange)'s status on Monday, 25-Aug-2025 02:35:54 JST Jann Horn

     in reply to

     @whitequark what would bypassing ELF loading mean? pretty much the only elf loading the kernel does for a static binary is to map its memory ranges into an address space and then run it starting at the entry point...