Remap shared library

I have a running process which uses a shared library.

Is there a way to remap the shared library to another virtual address and munmap the old one, update the process address to the new shared object address and continue running?

Answers


Certainly not while the process is running, if it isn't prepared to do it. Remember that the shared library code is one thing, data structures within the shared library are another. Pointers to statically defined data structures within the library might be present just anywhere in your process, and you have no way to change them.

Now if you're trying to write a new program that should allow this, it shouldn't be too hard. Don't have static dependencies on the shared library, open it using dlopen() and get the functions with dlsym(). Have your process catch some signal like SIGUSR1, and in the signal handler (better: at some safe point in your main loop that detects a flag that your signal handler sets when invoked) throw away the old library, load the new one, and adjust the symbols accordingly.


If you know that the shared library isn't being executed (i.e. not in the call stack somewhere), it's fairly easy to do this. Just dlclose() the library and then dlopen() it again. If you need a handle to the library, you can dlopen() it yourself then close it twice. I believe that will work, as the refcount will hit zero and the library will be unmapped (unless initially loaded libraries are special-cased in some way). If you can avoid a link-time dependency on the shared library (just call dlopen in an ELF constructor function), this will definitely work.

If you're manually loading the new library (if, say, you want to be able to choose its load address), you can simply overwrite the PLT entries yourself. I wrote a tool which does something very similar https://github.com/dwks/asyncsafe. If you overwrite every PLT entry to point back at the resolution function, then lazy symbol loading will happen again automatically; or, you can resolve them all yourself.

I'm sure you're aware of the Blind ROP academic attack (http://www.scs.stanford.edu/~abelay/pdf/bittau:brop.pdf). There are several defenses to this attack which do what you are proposing, try searching the literature.
