Build lfi-static-bind:
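# Configure and build out of tree. `ninja -C build` is used instead of
# `cd build` so the shell stays in the repository root, which the later
# `make -C sandbox` and `./build/lfi-static-bind` steps rely on.
meson setup build
ninja -C build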
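Build sandbox/stub.elf and sandbox/host.so from the repository root (requires mold). The host is linked with --spare-program-headers=7, which reserves the seven NULL program-header slots visible in the host.so dump below: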
$ make -C sandbox
clang -shared -fPIC host.c -O2 -o host.so -fuse-ld=mold -Wl,--spare-program-headers=7
x86_64-lfi-linux-musl-clang add.c stub.c -O2 -o stub.elf -static-pie
Dump the program headers of the stub and the host:
$ readelf --segments sandbox/stub.elf
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
0x00000000000001f8 0x00000000000001f8 R 0x8
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000000003d4 0x00000000000003d4 R 0x1000
LOAD 0x0000000000001000 0x0000000000001000 0x0000000000001000
0x000000000000154d 0x000000000000154d R E 0x1000
LOAD 0x0000000000003000 0x0000000000003000 0x0000000000003000
0x0000000000000158 0x0000000000001000 RW 0x1000
LOAD 0x0000000000003158 0x0000000000004158 0x0000000000004158
0x0000000000000010 0x0000000000000280 RW 0x1000
DYNAMIC 0x0000000000003010 0x0000000000003010 0x0000000000003010
0x0000000000000120 0x0000000000000120 RW 0x8
GNU_RELRO 0x0000000000003000 0x0000000000003000 0x0000000000003000
0x0000000000000158 0x0000000000001000 R 0x1
GNU_EH_FRAME 0x0000000000000318 0x0000000000000318 0x0000000000000318
0x000000000000002c 0x000000000000002c R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x0
$ readelf --segments sandbox/host.so
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
0x00000000000003b8 0x00000000000003b8 R 0x8
NOTE 0x00000000000003f8 0x00000000000003f8 0x00000000000003f8
0x0000000000000024 0x0000000000000024 R 0x4
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000000006a0 0x00000000000006a0 R 0x1000
LOAD 0x00000000000006a0 0x00000000000016a0 0x00000000000016a0
0x0000000000000141 0x0000000000000141 R E 0x1000
LOAD 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001f8 0x0000000000000818 RW 0x1000
LOAD 0x00000000000009e0 0x00000000000039e0 0x00000000000039e0
0x0000000000000028 0x0000000000000029 RW 0x1000
DYNAMIC 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001c0 0x00000000000001c0 RW 0x8
GNU_EH_FRAME 0x0000000000000684 0x0000000000000684 0x0000000000000684
0x0000000000000014 0x0000000000000014 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x1
GNU_RELRO 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001f8 0x0000000000000818 R 0x1
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
NULL 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 0x0
Build host_combined.so:
./build/lfi-static-bind sandbox/stub.elf sandbox/host.so -o host_combined.so
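Dump the program headers of host_combined.so. The host's original headers are unchanged, and the seven spare slots now hold LOAD segments: the stub's four segments moved to 0x19000–0x1d158 with their R / R E / RW / RW flags preserved, plus three segments with no file content (two with no access flags, one RW). The stub's own GNU_RELRO entry does not appear in the combined file, so whether the segment at 0x1c000 is made read-only after relocation is not visible from this dump and should be confirmed against the runtime: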
$ readelf --segments host_combined.so
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040
0x00000000000003b8 0x00000000000003b8 R 0x8
NOTE 0x00000000000003f8 0x00000000000003f8 0x00000000000003f8
0x0000000000000024 0x0000000000000024 R 0x4
LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x00000000000006a0 0x00000000000006a0 R 0x1000
LOAD 0x00000000000006a0 0x00000000000016a0 0x00000000000016a0
0x0000000000000141 0x0000000000000141 R E 0x1000
LOAD 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001f8 0x0000000000000818 RW 0x1000
LOAD 0x00000000000009e0 0x00000000000039e0 0x00000000000039e0
0x0000000000000028 0x0000000000000029 RW 0x1000
DYNAMIC 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001c0 0x00000000000001c0 RW 0x8
GNU_EH_FRAME 0x0000000000000684 0x0000000000000684 0x0000000000000684
0x0000000000000014 0x0000000000000014 R 0x4
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 0x1
GNU_RELRO 0x00000000000007e8 0x00000000000027e8 0x00000000000027e8
0x00000000000001f8 0x0000000000000818 R 0x1
LOAD 0x0000000000000000 0x0000000000004000 0x0000000000004000
0x0000000000000000 0x0000000000014000 0x1000
LOAD 0x0000000000000000 0x0000000000018000 0x0000000000018000
0x0000000000000000 0x0000000000001000 RW 0x1000
LOAD 0x0000000000002000 0x0000000000019000 0x00000000000003f8
0x00000000000003d4 0x00000000000003d4 R 0x1000
LOAD 0x0000000000003000 0x000000000001a000 0x0000000000000000
0x000000000000154d 0x000000000000154d R E 0x1000
LOAD 0x0000000000005000 0x000000000001c000 0x00000000000016a0
0x0000000000000158 0x0000000000001000 RW 0x1000
LOAD 0x0000000000005158 0x000000000001d158 0x00000000000027e8
0x0000000000000010 0x0000000000000280 RW 0x1000
LOAD 0x0000000000000000 0x000000000001e000 0x000000000001e000
0x0000000000000000 0x000000010000f000 0x1000