From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mout.web.de (mout.web.de [212.227.17.12]) by sourceware.org (Postfix) with ESMTPS id 0CF3C3890401 for ; Sun, 17 Jan 2021 07:07:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0CF3C3890401 X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from localhost ([213.55.224.202]) by smtp.web.de (mrweb106 [213.165.67.124]) with ESMTPSA (Nemesis) id 1Mav2X-1lbTdl0mBX-00cObR for ; Sun, 17 Jan 2021 08:07:34 +0100 Date: Sun, 17 Jan 2021 08:07:32 +0100 From: Andreas Fink To: libc-help@sourceware.org Subject: Hooking execve for an LD_PRELOAD library X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID: <1MiMEW-1lf4081KQ2-00fS4y@smtp.web.de> X-Provags-ID: V03:K1:hfuVMYY/EmXGWObUtuZTPQv/XG67WkRVNZrEUoTOBRzxZzD+2b1 zU/RvDU5iXKJaUlcLhSkSeIDXBvi1msWPkf7ceV9e2M5AEcL1k9c0Tl9h/vJ8PQzOaQJSkc eQHPJWhOb9uj/+dCWImhuF2l57fwyP4++RGMJa41e8VN67lNKbvLYPYAGEAhpIhAwZ0aD+0 UuNmljkI65g73J9U9yZYA== X-UI-Out-Filterresults: notjunk:1;V03:K0:z248o0OxL2A=:rRGduL63OprHdLOguJjAjD lelNwjL8MV0FV+avL4VN51snmwRTBXtd+f+1PB7WjyKwrMSMLcqmSEEgETupPIrgqzQTXEJkt MD/6p00ze3VKNTb7lhLWVuyOw6zENtTP2dmEVi6AaKlVdnO/G2Hj6nz87J+XboGUej5O/fqT8 HrgUUEjCbEFzIP+ZXHgxG21OZRJ+0eQZNdmPBHacFfzpN+R8EXz6Fzp84ih18TNsKUbDEIex3 oRZYXg0aYiZlc/O8vW5qyJWYkZVH92YfVWwTOY8UiU1ijaynS0YKfzOiGuVGzP5hMIoAZESOF nipknApSnlnPBhoLCGcUeY2ilp0ZuU7pPoFMml6I8zulgl0Um6noee7PlBbdsEv6EtDmhEd4z XB0fYhqqLXvxHhkSeIDqTTP+9LRKIygEKho8j3ucxKcgKULt+TYlK8TSzfmjXA2BDGrbblQVY iUyl1F9vTpT7INijnmDVHNjAmkOY1ara1b124Q3L5wec3rZfFdhsR7xtixkoFbcnb4meC77sN Bk/VRwx6NwWCpkB8iH4nJ32qY/dhkKNnHLve3xiHha6bYwnr+To7uzmXNmO70H/io4XTYuW/Z wh1LgI0HQLiXlJ6Si7RtPypVhopohPXogkLrmGQiKAOpPgTxp7KmiUrjhgsjRwhd4pbWQiYfz NdmILwXQY3tnpjX83g9V7lBG2rvMEKo/0q/JCR1rVwJci/+thV7kwsY3A1H+zFkTb5WNqFR6u k88ARywRlqnUK/4llNO33TL29pa873EmTGVhzc5vrE0fgn5T55a9jpV6H1vDITP3TFCtT8b8n 6dsvuMWMDK5O2pWqpHrTun6e9qtEtU2Pe8yME2PuR0Me8p8tNS7OCzqO1j7R4u2bZVX+wmthe cVvyHTXEra86vMx40kmQ== X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-help@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-help mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Jan 2021 07:07:37 -0000 Hello, I would like to hook a call to execve, and have the code: ############### execve_override.c ###################### #define _GNU_SOURCE #include #include int (*real_execve)(const char *pathname, char *const argv[], char *const envp[])=NULL; int execve(const char *pathname, char *const argv[], char *const envp[]) { if (real_execve==NULL) { real_execve = dlsym(RTLD_NEXT, "execve"); } FILE* logfile = fopen("/tmp/execve_override.log", "a"); fprintf(logfile, "intercepted execve for %s\n", pathname); fclose(logfile); return real_execve(pathname, argv, envp); } ############################################################ I compiled it: gcc -o libexecve_override.so -shared -fPIC execve_override.c -ldl and start an executable that calls execve: LD_PRELOAD=/path/to/libexecve_override.so my_binary_calling_execve Up to this point everything works as expected. The call to execve is hooked, logged in the file /tmp/execve_override.log and forwarded to the next execve implementation. I compiled my executable without any specific flags, i.e. a vanilla: gcc test_exec.c Now I would like the same for execvp to happen. Reading the man page of execvp it is mentioned that exec-family functions are just frontends to execve, so I replaced in my executable source code the explicit call to execve with a call to execvp. I expected that this would just work, as execvp would in turn call execve and this would be caught by the hook, then logged and forwarded to the real implementation. But to my surprise no such thing happened. execvp would run successfully, but my hook would never be called. Why is the hook not called, what did I miss? Thanks for any help Andreas