from Hacker News

A minimal, complete, and correct ELF file

by febeling on 2/3/24, 8:52 AM with 16 comments

  • by aengelke on 2/4/24, 2:19 PM

    Nice visualization of the ELF headers. However, the article has a few inaccuracies:

    - ELF files are used not only for executables, but also object files, shared libraries, and also coredumps. Different parts of the ELF format serve different purposes, although there is a lot of overlap.

    - The program headers don't state the location of .text, but indicate the area of the file that should be mapped into memory.

    - Dynamic linking doesn't require section headers. The dynamic loader (ld.so) parses the program headers for a PT_DYNAMIC entry, which refers to the .dynamic section (which in turn refers to .dynsym, .dynstr, .rela.dyn, .init_array, etc.).

    - Relocation sections (what is a relocation symbol?) are required for static linking, where every section with relocations gets its own relocation section, so .text gets .rela.text. Also, in object files, sections must use relocations to refer to other sections. Executables don't need to have relocations.

    - The alignment of PT_LOAD segments must be at least the page size: the kernel or loader will use mmap to map the file, so alignments smaller than the page size won't work.

    - The first section table entry must be of type SHT_NULL. The magic value SHN_UNDEF (=0) is used to refer to undefined symbols, so referring to the first section in, e.g., the symbol table, is not possible.

    Although not required for a minimal file, any "modern" ELF executable should have a PT_GNU_STACK program header with flags read+write, otherwise the stack will get mapped as executable memory region, thereby creating a large and often avoidable attack vector.

  • by bregma on 2/4/24, 12:16 PM

    This ELF file is not minimal. A loadable ELF file needs no sections at all. The section header table can be empty and the .shrstr section does not need to be present. The .text entry is a just a pointer into one of the LOAD segments and can also be eliminated.

  • by johndough on 2/4/24, 1:34 PM

    When trying to run this binary on a 64 bit Debian system, I get an error:

        echo 'f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAA+ABAAAAAAAAAAQAAAAAAAEAAAAAAAAAAAAAAAEAAOAABAEAAAgABAAEAAAABAAAABgAAAAAAAAD4AEAAAAAAAPgAAAAAAAAADgAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAHAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAGAQAAAAAAABEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAUAAAD4AAAAAAAAAPgAQAAAAAAA+ABAAAAAAAAOAAAAAAAAAA4AAAAAAAAAABAAAAAAAABIx8A8AAAAvyoAAAAPBQAudGV4dAAuc2hzdHJ0YWIA' | base64 -d > main
    chmod +x main
    ./main

    # bash: ./main: cannot execute binary file: Exec format error
    Am I doing it incorrectly? I hope I copied the bytes correctly since copy & pasting from the website is a bit challenging.

  • by matheusmoreira on 2/4/24, 3:41 PM

    Related:

    The Really Teensy Linux ELF Executables Essays

    https://www.muppetlabs.com/~breadbox/software/tiny/

  • by llvnux on 2/4/24, 11:00 AM

    This is an amazing animation!

  • by a99c43f2d565504 on 2/4/24, 10:54 AM

    Very cool!