On Tue, Oct 29, 2013 at 03:10:50PM -0400, David Goulet wrote:
> That would work if there is a way I can "defer" the hijack of the syscall symbol... Unfortunately, this is done at linking time, thus during run time the syscall symbol is already hijacked by torsocks.
> Let's say we don't try to look up the syscall symbol; the issue is that the original syscall libc pointer will NOT exist within torsocks code, so we can't handle calls to syscall() because we can't route them to libc. :S
> It's really that we get into a kind of "infinite loop" where dlsym calls syscall, which calls dlsym, and so on. But in the first place, we at least need the libc syscall symbol so we can handle them.
Might it be possible to use objcopy tricks like --prefix-string or --redefine-sym to make the exported version of syscall different from the imported version? Then the torsocks code could just call syscall() as a normal libc function, linked by ld.so, but when firefox called syscall, it would call torsocks's torsocks_syscall(), or something?
- Ian