
Unable to mmap non-PIE ELF binaries #5

Open
athola opened this issue Oct 28, 2024 · 2 comments

Comments


athola commented Oct 28, 2024

Apologies if this is out of scope; I'm willing to do some further testing on this, but I encountered an issue where non-PIE ELF binaries cannot be loaded/executed due to the nature of the Interpreter loader. I get `Inconsistency detected by ld.so: rtld.c: 1494: dl_main: Assertion 'GL(dl_rtld_map).l_libname' failed!` when trying to bypass the is_pie assertion.

I've looked into the implementation here and am curious about the viability of integrating something along these lines:

https://github.com/rapid7/mettle/blob/master/libreflect/src/map_elf.c

Please let me know if I can provide some assistance on this matter. I think being able to execute non-PIE binaries would be a huge win for this project, but I do understand the challenge associated with the task.

io12 (Owner) commented Oct 29, 2024

I think the main challenge is that the fixed-offset might overlap userland-execve itself, so it needs to detect that and relocate (part of) itself before mapping the ELF. Does that match your understanding? Do you know of a better way? I might have to check how ld.so handles this when you run the interpreter manually, e.g. with /lib/ld-linux-x86-64.so.2 /bin/hello.

io12 (Owner) commented Oct 29, 2024

> I might have to check how ld.so handles this when you run the interpreter manually, e.g. with /lib/ld-linux-x86-64.so.2 /bin/hello.

I tried to look into this, and I'm pretty sure the answer is just that non-PIE binaries are (nearly?) always loaded at low addresses, and the kernel always loads PIE libraries at high addresses, so they don't overlap, and the runtime dynamic linker is always PIE. This probably doesn't help here, because ideally userland-execve itself shouldn't need to be PIE to work.
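As an added illustration of the two points above (the fixed load addresses of a non-PIE binary, and the need to detect whether they collide with the loader process before mapping), here is a small C program that is not part of userland-execve and was not written by either commenter. It classifies an ELF image as PIE (ET_DYN) or non-PIE (ET_EXEC), computes the absolute range its PT_LOAD segments require, and checks that range against mappings in /proc/self/maps format. The sample ET_EXEC image it builds is constructed for the demonstration (headers only, no code), and the function names are this example's own.

```c
#include <elf.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 1 if the image is ET_DYN (PIE or shared object, mappable at any base),
   0 if ET_EXEC (non-PIE, absolute p_vaddr), -1 if not a 64-bit ELF header. */
int elf_is_pie(const uint8_t *image, size_t len) {
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, image, sizeof eh);             /* memcpy: image may be unaligned */
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -1;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh.e_type == ET_DYN) return 1;
    if (eh.e_type == ET_EXEC) return 0;
    return -1;
}

/* Virtual range [lo, hi) covered by all PT_LOAD segments. For a non-PIE
   binary these are the addresses the loader must be able to mmap at.
   Returns the PT_LOAD count, 0 if none, -1 if the program header table
   lies outside the buffer or a segment's end address wraps. */
int elf_load_range(const uint8_t *image, size_t len, uint64_t *lo, uint64_t *hi) {
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, image, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return -1;
    if (eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return -1;
    uint64_t min = UINT64_MAX, max = 0;
    int n = 0;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, image + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        uint64_t end = ph.p_vaddr + ph.p_memsz;
        if (end < ph.p_vaddr) return -1;
        if (ph.p_vaddr < min) min = ph.p_vaddr;
        if (end > max) max = end;
        n++;
    }
    if (n > 0) { *lo = min; *hi = max; }
    return n;
}

/* Scan text in /proc/self/maps format ("start-end perms ..." per line):
   1 if any mapping intersects [lo, hi), 0 if none, -1 on a malformed line. */
int maps_overlap(const char *maps, uint64_t lo, uint64_t hi) {
    for (const char *p = maps; *p; ) {
        unsigned long long s, e;
        if (sscanf(p, "%llx-%llx", &s, &e) != 2) return -1;
        if (s < hi && lo < e) return 1;
        const char *nl = strchr(p, '\n');
        if (!nl) break;
        p = nl + 1;
    }
    return 0;
}

/* Same check against this process's live mappings; -1 if /proc is absent.
   A hit means the loader would have to move itself out of the way first. */
int self_overlap(uint64_t lo, uint64_t hi) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[8192];
    int r = 0;
    while (r == 0 && fgets(line, sizeof line, f)) {
        r = maps_overlap(line, lo, hi);
        if (!strchr(line, '\n')) {             /* drain an over-long path */
            int c;
            while ((c = fgetc(f)) != EOF && c != '\n') ;
        }
    }
    fclose(f);
    return r;
}

/* Constructed sample: an ET_EXEC header with two PT_LOAD segments at the
   classic low non-PIE addresses. Returns the number of bytes written. */
size_t build_sample_exec(uint8_t *buf, size_t cap) {
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph[2] = {{0}};
    if (cap < sizeof eh + sizeof ph) return 0;
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type = ET_EXEC;
    eh.e_machine = EM_X86_64;
    eh.e_version = EV_CURRENT;
    eh.e_entry = 0x401000;
    eh.e_phoff = sizeof eh;
    eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = 2;
    ph[0] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_X,
                          .p_vaddr = 0x400000, .p_memsz = 0x1000, .p_align = 0x1000 };
    ph[1] = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_W,
                          .p_vaddr = 0x600000, .p_memsz = 0x2000, .p_align = 0x1000 };
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void) {
    uint8_t img[256];
    size_t n = build_sample_exec(img, sizeof img);
    uint64_t lo = 0, hi = 0;
    int pie = elf_is_pie(img, n);
    int segs = elf_load_range(img, n, &lo, &hi);
    printf("pie=%d PT_LOAD=%d range=[0x%" PRIx64 ", 0x%" PRIx64 ")\n", pie, segs, lo, hi);
    if (pie == 0 && segs > 0)
        printf("collides with this process: %d (1 = relocate before mmap)\n",
               self_overlap(lo, hi));
    return 0;
}
```

Run against a real non-PIE binary by replacing the constructed image with the file's bytes; a result of 1 from self_overlap is exactly the case the first comment describes, where the loader's own mappings sit on the addresses the target demands, while a 0 matches the observation in the second comment that a low-address ET_EXEC and a high-address PIE loader normally do not meet.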
