Revision history [back]

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api, which for ther glibc-related reasons exist; which provides private versions of the public api's which usually are hooked by SB2. As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes (the spawn api is a good example for that).

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should?

An example, the sem_open instruction:

https://bugs.merproject.org/show_bug.cgi?id=2000

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api, api (prefixed with __libc), which for ther glibc-related reasons exist; which provides private versions of the public api's which usually are hooked by SB2. As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes (the spawn api is a good example for that).

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should?

An example, the sem_open instruction:

https://bugs.merproject.org/show_bug.cgi?id=2000

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should?

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api (prefixed with __libc), which for ther glibc-related reasons exist; which provides private versions of the public api's which usually are hooked by SB2. As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes (the spawn api is a good example for that).

the same, i guess it should?

An example, the sem_open instruction:

https://bugs.merproject.org/show_bug.cgi?id=2000

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should?

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api (prefixed with __libc), which for ther other glibc-related reasons exist; which exist; this api provides private versions of the public api's which usually are hooked by SB2. SB2.

As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes (the spawn api is a good example for that).

An example, the sem_open instruction:

https://bugs.merproject.org/show_bug.cgi?id=2000

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should?should? Note also that this bug appears only on SB2, not on real devices.

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api (prefixed with __libc), which for other glibc-related reasons exist; this api provides private versions of the public api's which usually are hooked by SB2.

As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes (the spawn api is a good example for that).scenes.

An example, the sem_open instruction:

https://bugs.merproject.org/show_bug.cgi?id=2000

Another example is the spawn api.

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should? Note also that this bug appears only on SB2, not on real devices.

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api (prefixed with __libc), which for other glibc-related reasons exist; this api provides private versions of the public api's which usually are hooked by SB2.

As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes.

An example, the sem_open instruction:function:

https://bugs.merproject.org/show_bug.cgi?id=2000

Another example is the spawn api.

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html

I personally have encoutered this problem on x86 target. I don't know if it exists on ARM; but given the code of glibc is the same, i guess it should? Note also that this bug appears only on SB2, not on real devices.

SB2 relies heavily on hooking of glibc public api's to provide development functionalities for individual targets.

Glibc has a "dark" side to it, however - an "internal" (private) api (prefixed with __libc), which for other glibc-related reasons exist; this api provides private versions of the public api's which usually are hooked by SB2.

As the symbols of this api are private, they cant be hooked by SB2. So you have glibc working black magic behind the scenes.

An example, the sem_open function:

https://bugs.merproject.org/show_bug.cgi?id=2000

Another example is the spawn api.

And if you care to throw a read (tl;dr;), here's the story :

http://kastlunger.blogspot.com/2019/04/lets-do-time-warp-again-or-compile-llvm.html