diff options
author | Leah Neukirchen <leah@vuxu.org> | 2017-07-31 16:16:02 +0200 |
---|---|---|
committer | Leah Neukirchen <leah@vuxu.org> | 2017-07-31 16:18:16 +0200 |
commit | 6efb555132586352958e2d91bc6ec06444ac7c3d (patch) | |
tree | 614b01691af1b174f0c60106bb96357198fb22b5 | |
parent | 22d7580b77beef5ca4311c6da9d7562a6ce73ee0 (diff) | |
download | fail-0.1.tar.gz fail-0.1.tar.xz fail-0.1.zip |
crash on dlopen v0.1
-rw-r--r-- | README | 5 | ||||
-rw-r--r-- | fail.1 | 7 | ||||
-rw-r--r-- | fail.c | 14 |
3 files changed, 25 insertions, 1 deletions
diff --git a/README b/README index c0ab3f2..025f93e 100644 --- a/README +++ b/README @@ -10,6 +10,9 @@ DESCRIPTION fail crashes in various possible ways to help you debug how other software reacts to this. + In addition to the crashes below, fail will also cause a segmentation + fault when its binary is loaded using dlopen(3) or LD_PRELOAD. + The options are as follows: -1 Return with exit status -1. @@ -54,6 +57,6 @@ LICENSE To the extent possible under law, the creator of this work has waived all copyright and related or neighboring rights to this work. - http://creativecommons.org/publicdomain/zero/1.0/ + http://creativecommons.org/publicdomain/zero/1.0/ Void Linux July 14, 2017 Void Linux diff --git a/fail.1 b/fail.1 index c47fbd5..c5af510 100644 --- a/fail.1 +++ b/fail.1 @@ -12,6 +12,13 @@ crashes in various possible ways to help you debug how other software reacts to this. .Pp +In addition to the crashes below, +.Nm +will also cause a segmentation fault when its binary is loaded using +.Xr dlopen 3 +or +.Ev LD_PRELOAD . +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 1 diff --git a/fail.c b/fail.c index a08253a..90f6cb7 100644 --- a/fail.c +++ b/fail.c @@ -2,6 +2,7 @@ #include <linux/seccomp.h> +#include <sys/auxv.h> #include <sys/prctl.h> #include <sys/ptrace.h> #include <sys/stat.h> @@ -20,6 +21,19 @@ segfault() *nullp = 42; } +void _start(); + +__attribute__((__constructor__)) +void +dlcrash() +{ + volatile int *nullp = 0; + + // don't trigger if we are executed as a program + if (getauxval(AT_ENTRY) != (unsigned long)_start) + *nullp = 1337; +} + // can lockup your machine void oom() |