6

So this is the scenario that I'm looking at:

I have 3 libraries - A, B and C.

  • Library A implements function foo() and exposes it as an API.
  • Function foo() calls the POSIX write() call to write some data.
  • Library B writes a wrapper to the write() glibc call using the linker -wrap option.
  • Library C links to both A and B.

Any write() call that the library C makes will get intercepted by the wrapper library B. But, my question is, if library C calls foo(), will the write() call inside foo() get intercepted by B?

crazyg33k
  • 165
  • 9
  • 1
    Try to write the code and look what happens, thats what i would do. – fonZ Sep 21 '12 at 19:51
  • The glibc `write` function is a wrapper to the real system call. – Basile Starynkevitch Sep 21 '12 at 19:52
  • Thank you, @JonathanCruz. These were hypothetical libraries I was talking about, and the behavior of the wrapper library in such a scenario would have been a deciding factor to see if I should go about writing it. However, I am now working on a smaller test case and now. I just thought turning to stackoverflow might give a quicker response :) – crazyg33k Sep 21 '12 at 19:58
  • OMG. A good question on SO. Upvoted. –  Sep 21 '12 at 20:01
  • Thank you, @BasileStarynkevitch. Again, `write()` was just an example that I brought up. I'm curious about the behavior of a wrapper to any system function, say `bar()`. – crazyg33k Sep 21 '12 at 20:05
  • 1
    Do you have access to the source code of your libraries? Are you expecting malicious behavior somewhere? Don't forget that a library could do a `write` syscall *without calling* any function (in particular the `write` function from Glibc wrapping the `write(2)` syscall) -e.g. just by a clever `asm` sequence using `sysenter`. See http://stackoverflow.com/a/11609768/841108 – Basile Starynkevitch Sep 21 '12 at 20:08
  • I do have access to the libraries that are in question. I am more concerned with the functionality than malicious behavior. In fact, I am looking for a solution in such a way that the function calls inside library A also get intercepted. – crazyg33k Sep 21 '12 at 20:14
  • Also, I'm concerned only with C-level wrappers, and not wrappers to syscalls. I should reword my question, thank you! I apologize if that caused any confusion. – crazyg33k Sep 21 '12 at 20:15
  • Actually, the answer to your question does not depend on `write` being a syscall wrapper. The linker (both the compile-time `ld` and the dynamic runtime `ld.so`) only works on *names* (symbols) and relocations (i.e. symbol occurrences). – Basile Starynkevitch Sep 21 '12 at 20:35

1 Answers1

2

If A is linked with -wrap=write, foo will call the wrapper. If it's not, it won't.

The same is true about calls to write in C. There's no difference whatsoever between A and C as far as calling write is concerned.

n. m. could be an AI
  • 112,515
  • 14
  • 128
  • 243