0

I have a static compiled program called (example 'busybox'). Busybox (or a another file) doesn't need any library file. So that means in theory I can run busybox everywhere with a linux kernel (without glibc files or another library files at runtime). Now is my plan to run busybox in jail (chroot) on a directory doesn't have libraries or any resource and that is possible because 'busybox' is static compiled. (I'm root, or have root access) My idea is too make a gate (like a memory I/O address to access the executable, or that executable loaded in the memory). First I create the gate (a memory address) where the program begins (a shared memory address that a child process can use). Loaded from the busybox executable. I use mprotect too make the file executable and then I run fork() in C, That subprocess runs chroot too change the root directory and jails himself. Then for security he changes the user to a non-root user without sudo access and has access to the directorys with setuid and setgid. And then the program runs the loaded program in memory with arguments provided from the parent. (the jailer that jails the busybox is also static compiled)

Yes, it is possible to run executable from memory:

How can i execute an executable from memory?

Only the problem is, how to run that memory executable with command line arguments?

Reindert
  • 3
  • 2
  • 1
    Maybe it's a question for stackexchange or serverfault.com? I don't see any reason to discuss busybox code modifications here. – Krassi Em Dec 03 '18 at 19:28
  • I want to write a program for that, and busybox is only a example – Reindert Dec 03 '18 at 19:33
  • Maybe this question will give a hint. I'm thinking you need construct the stack for your program before passing execution to it. https://stackoverflow.com/questions/4196201/where-are-c-c-main-functions-parameters – Jason Brown Dec 03 '18 at 20:10
  • `then the program runs the loaded program in memory with arguments provided from the parent` how does he do that? How does he do the "run the loaded program" part? Can you show the code? – KamilCuk Dec 03 '18 at 22:57

1 Answers1

0

how to run that memory executable with command line arguments?

All programs start with int main(int argc, char *argv[]) (or int main(int argc, char *argv[], char *env[])) (or implementation defined main). Just call your memory using a proper function pointer type and populate arguments for it, just like a shell or system command would do.

int main() {
   // blablabla fork + mprotect + chroot + setuid + setgid
   const char memory[] = "this is the source for your statically compiled program";
   int (*memory_main(int argc, char *argv[])) = (void*)memory;
   int argc = 3;
   char argv_0[] = "memory_main";
   char argv_1[] = "first arg";
   char argv_2[] = "second arg";
   char *argc[] = { argv_0, argv_1, argv_2, NULL };
   return memory_main(argv, argc);
}
KamilCuk
  • 120,984
  • 8
  • 59
  • 111
  • Good solution, but all programs start with _start not main. Main is called by startup files. They collect the arguments and argc. And then they call main. This won't work for programs without main. This won't work for stripped static programs like 'busybox'. – Reindert Dec 04 '18 at 10:11
  • Oooch. Then you should go to your `_start` implementation (crt0.o? [crtbegin.S](https://github.com/gcc-mirror/gcc/blob/master/libgcc/config/ia64/crtbegin.S)?) on your system and see how does it setup the stack. If it does like on x86_64 like on [wiki](https://en.wikipedia.org/wiki/Crt0) just push argv to o %rdi and argc to %rsi. something along `arm("mov %rdi, %0\n\t mov %rsi, %1" : "r" (argc) : "r" (argv));` using gcc. – KamilCuk Dec 04 '18 at 12:17