Re: [MacPorts] #66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new security features
MacPorts
noreply at macports.org
Thu Nov 14 20:35:17 UTC 2024
#66358: sip-workaround / trace mode no longer works on arm64 macOS ≥ 13 due to new
security features
-------------------------+------------------------------------------
Reporter: reneeotten | Owner: Clemens Lang <neverpanic@…>
Type: defect | Status: reopened
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords: arm64 ventura sonoma sequoia
Port: |
-------------------------+------------------------------------------
Comment (by neverpanic):
It seems it was indeed `BIND_OPCODE_THREADED`; I've obtained a copy of
`/bin/ln` from 14.6 and loaded it into LIEF, and here is its representation of
the bind opcodes:
{{{
In [6]: print(ln.dyld_info.show_bind_opcodes)
[THREADED]
[SET_BIND_ORDINAL_TABLE_SIZE_ULEB]
Ordinal table size := 30
[SET_DYLIB_ORDINAL_IMM]
Library Ordinal := 1
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___chkstk_darwin
Is Weak ? false
[SET_TYPE_IMM]
Type := POINTER
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___error
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___memcpy_chk
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___stack_chk_fail
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___stack_chk_guard
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___stderrp
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___stdoutp
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := ___strlcpy_chk
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _basename
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _dirname
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _err
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _exit
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _fflush
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _fprintf
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _fwrite
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _getchar
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _getopt
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _linkat
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _lstat
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _optind
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _printf
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _rmdir
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _snprintf
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _stat
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _strcmp
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _strrchr
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _symlink
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _unlink
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _warn
Is Weak ? false
[SET_SYMBOL_TRAILING_FLAGS_IMM]
Symbol name := _warnx
Is Weak ? false
[SET_SEGMENT_AND_OFFSET_ULEB]
Segment := __DATA_CONST
Segment Offset := 0
[THREADED]
[APPLY]
threaded_bind(THREADED_BIND/POINTER, 0x0, __DATA_CONST, ___error,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x8)
threaded_bind(THREADED_BIND/POINTER, 0x8, __DATA_CONST,
___memcpy_chk, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0x10)
threaded_bind(THREADED_BIND/POINTER, 0x10, __DATA_CONST,
___stack_chk_fail, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0x18)
threaded_bind(THREADED_BIND/POINTER, 0x18, __DATA_CONST,
___strlcpy_chk, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0x20)
threaded_bind(THREADED_BIND/POINTER, 0x20, __DATA_CONST,
_basename, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0x28)
threaded_bind(THREADED_BIND/POINTER, 0x28, __DATA_CONST, _dirname,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x30)
threaded_bind(THREADED_BIND/POINTER, 0x30, __DATA_CONST, _err,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x38)
threaded_bind(THREADED_BIND/POINTER, 0x38, __DATA_CONST, _exit,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x40)
threaded_bind(THREADED_BIND/POINTER, 0x40, __DATA_CONST, _fflush,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x48)
threaded_bind(THREADED_BIND/POINTER, 0x48, __DATA_CONST, _fprintf,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x50)
threaded_bind(THREADED_BIND/POINTER, 0x50, __DATA_CONST, _fwrite,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x58)
threaded_bind(THREADED_BIND/POINTER, 0x58, __DATA_CONST, _getchar,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x60)
threaded_bind(THREADED_BIND/POINTER, 0x60, __DATA_CONST, _getopt,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x68)
threaded_bind(THREADED_BIND/POINTER, 0x68, __DATA_CONST, _linkat,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x70)
threaded_bind(THREADED_BIND/POINTER, 0x70, __DATA_CONST, _lstat,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x78)
threaded_bind(THREADED_BIND/POINTER, 0x78, __DATA_CONST, _printf,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x80)
threaded_bind(THREADED_BIND/POINTER, 0x80, __DATA_CONST, _rmdir,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x88)
threaded_bind(THREADED_BIND/POINTER, 0x88, __DATA_CONST,
_snprintf, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0x90)
threaded_bind(THREADED_BIND/POINTER, 0x90, __DATA_CONST, _stat,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0x98)
threaded_bind(THREADED_BIND/POINTER, 0x98, __DATA_CONST, _strcmp,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xa0)
threaded_bind(THREADED_BIND/POINTER, 0xa0, __DATA_CONST, _strrchr,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xa8)
threaded_bind(THREADED_BIND/POINTER, 0xa8, __DATA_CONST, _symlink,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xb0)
threaded_bind(THREADED_BIND/POINTER, 0xb0, __DATA_CONST, _unlink,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xb8)
threaded_bind(THREADED_BIND/POINTER, 0xb8, __DATA_CONST, _warn,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xc0)
threaded_bind(THREADED_BIND/POINTER, 0xc0, __DATA_CONST, _warnx,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xc8)
threaded_bind(THREADED_BIND/POINTER, 0xc8, __DATA_CONST,
___stack_chk_guard, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0xd0)
threaded_bind(THREADED_BIND/POINTER, 0xd0, __DATA_CONST,
___stderrp, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0xd8)
threaded_bind(THREADED_BIND/POINTER, 0xd8, __DATA_CONST,
___stdoutp, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x8 (0xe0)
threaded_bind(THREADED_BIND/POINTER, 0xe0, __DATA_CONST, _lstat,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xe8)
threaded_bind(THREADED_BIND/POINTER, 0xe8, __DATA_CONST, _optind,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xf0)
threaded_bind(THREADED_BIND/POINTER, 0xf0, __DATA_CONST, _stat,
library_ordinal=/usr/lib/libSystem.B.dylib, addend=0, is_weak_import=0)
Segment Offset += 0x8 (0xf8)
threaded_bind(THREADED_BIND/POINTER, 0xf8, __DATA_CONST,
___chkstk_darwin, library_ordinal=/usr/lib/libSystem.B.dylib, addend=0,
is_weak_import=0)
Segment Offset += 0x0 (0xf8)
[DONE]
}}}
The exec-via-dlopen approach is a nice idea, but I'm not sure it's worth
going down that route given the comment
https://github.com/apple-oss-distributions/dyld/blob/dyld-940/dyld/DyldAPIs.cpp#L1248
you linked — it may simply stop working at some point, at which point we'd be
stuck mmap(2)ing the memory ourselves and shipping a patched dyld to do the
same work.
I'm considering whether we could possibly use LIEF (see
https://lief.re/doc/latest/tutorials/11_macho_modification.html#when-mach-o-makes-thing-harder)
to do the required re-writing; I wouldn't want to ship a copy of it in
MacPorts base, but we could probably arrange for trace mode to use a tool
installed by a port to do the necessary binary rewriting. I'll take a look at
that option.
--
Ticket URL: <https://trac.macports.org/ticket/66358#comment:70>