elf | tool treats whole segment as executable even if sections inside it are read-only #196
Comments
@Kristal-g, I suppose we may use segments to preliminarily detect memory regions for gadget search. Then, we may exclude non-executable memory areas based on section information. @JonathanSalwan, what do you think? What was the original cause of switching from sections to segments?
@Kristal-g, as a current workaround ROPgadget has a range option:
I don't remember why we did this move =/. However, maybe we can add options to exclude sections/segments?
I took a look at other ROP gadget tools and found that some use only the sections, and some use the segments; so there's no consensus out there. I suggest either a flag like that or some warning where the addresses of the sections don't fill the whole segments (meaning that perhaps part of the segment's memory isn't meant to be executable and won't stay that way).
As I stated earlier, you may use both segments and sections. Just exclude non-executable memory areas from segments according to the info in sections.
Great tool!
I was surprised at first when I tried to use gadgets that it found, but they were in memory that is not executable or is already freed.
The cause for this is this commit here.
I get that it might be generally more correct to search by segment and not by sections, but it could be useful to have the ability to control that feature, or maybe alert about non-executable sections inside an executable segment.
The use case for me is searching gadgets in the Linux kernel, which has an RWX segment with ".init" sections that get freed after the kernel's initialization:
I would create a pull request myself, but we should first agree if we want to fix it, and how :)
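The segment-versus-section mismatch discussed in this thread, as an added example that is not part of the issue or of ROPgadget's code: a minimal ELF64 header parser that lists the executable PT_LOAD ranges a segment-only search would scan, reports mapped sections inside them that lack SHF_EXECINSTR (the warning suggested above), and carves those sections out of the segment ranges (the hybrid approach suggested above). The ELF image it parses is constructed inline and assumes little-endian ELF64 with standard header sizes.

```python
import struct
PT_LOAD, PF_X = 1, 1             # program header: loadable segment, executable flag
SHF_ALLOC, SHF_EXECINSTR = 2, 4  # section header: mapped at run time, contains code

def parse_elf64(data):
    """Return (executable segment ranges, mapped sections) of a little-endian ELF64 image."""
    h = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    if h[0][:4] != b"\x7fELF" or h[0][4] != 2 or h[0][5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    phoff, shoff, phnum, shnum, shstrndx = h[5], h[6], h[10], h[12], h[13]
    segs = [struct.unpack_from("<IIQQQQQQ", data, phoff + 56 * i) for i in range(phnum)]
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, shoff + 64 * i) for i in range(shnum)]
    # (p_vaddr, p_vaddr + p_memsz) of each PT_LOAD with PF_X: all a segment-only search sees
    exec_ranges = [(s[3], s[3] + s[6]) for s in segs if s[0] == PT_LOAD and s[1] & PF_X]
    stroff = shdrs[shstrndx][4]                      # sh_offset of .shstrtab
    name = lambda idx: data[stroff + idx:data.index(b"\0", stroff + idx)].decode()
    # (name, sh_flags, sh_addr, sh_size) for every section that occupies memory
    sections = [(name(s[0]), s[2], s[3], s[5]) for s in shdrs if s[2] & SHF_ALLOC]
    return exec_ranges, sections
def non_exec_sections_in_exec_segments(data):
    """Warning proposed in the thread: mapped non-code sections inside an executable segment."""
    ranges, sections = parse_elf64(data)
    return [(n, a, a + sz) for n, flags, a, sz in sections
            if not flags & SHF_EXECINSTR and any(lo <= a < hi for lo, hi in ranges)]
def searchable_ranges(data):
    """Hybrid approach from the thread: executable segments minus their non-code sections."""
    ranges, sections = parse_elf64(data)
    for _, flags, a, sz in sections:
        if not flags & SHF_EXECINSTR:
            carved = []
            for lo, hi in ranges:
                if a >= hi or a + sz <= lo:          # no overlap: keep the range as is
                    carved.append((lo, hi))
                else:                                # keep the non-empty pieces around it
                    carved += [r for r in ((lo, a), (a + sz, hi)) if r[0] < r[1]]
            ranges = carved
    return ranges
def build_sample_elf():
    """Constructed sample, not a real binary: one RX PT_LOAD segment (0x400000-0x401000)
    holding an executable .text and a read-only .rodata, the situation the issue describes."""
    shstr = b"\0.text\0.rodata\0.shstrtab\0"         # name offsets 1, 7, 15
    phoff, stroff, shoff = 64, 120, 152
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9,
                       2, 62, 1, 0x400100, phoff, shoff, 0, 64, 56, 1, 64, 4, 3)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    def sh(nm, typ, flags, addr, off, size):
        return struct.pack("<IIQQQQIIQQ", nm, typ, flags, addr, off, size, 0, 0, 1, 0)
    shdrs = (sh(0, 0, 0, 0, 0, 0) + sh(1, 1, SHF_ALLOC | SHF_EXECINSTR, 0x400100, 0x100, 0x100)
             + sh(7, 1, SHF_ALLOC, 0x400200, 0x200, 0x100) + sh(15, 3, 0, 0, stroff, len(shstr)))
    return ((ehdr + phdr + shstr).ljust(shoff, b"\0") + shdrs).ljust(0x1000, b"\0")
```

On the sample, the segment view alone yields 0x400000-0x401000, while the carved view drops the 0x400200-0x400300 .rodata range that a segment-only search would wrongly treat as gadget territory.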