Difference between pages "File:Snapshot-gnuplot-bars-wxt.png" and "Run vlc as root"
From Linuxintro
imported>ThorstenStaerk |
imported>ThorstenStaerk (Created page with "vlc always exits when I call it as root. Here is how I change this behavior: gdb /usr/bin/vlc (gdb) info functions All defined functions: Non-debugging symbols: [....") |
Line 1: | Line 1: | ||
+ | [[vlc]] always exits when I call it as root. Here is how I change this behavior: | ||
+ | [[gdb]] /usr/bin/vlc | ||
+ | (gdb) info functions | ||
+ | All defined functions: | ||
+ | |||
+ | Non-debugging symbols: | ||
+ | [...] | ||
+ | 0x0000000000400f40 geteuid | ||
+ | [...] | ||
+ | Let's break in the function to get the effective user identity: | ||
+ | (gdb) break geteuid | ||
+ | Breakpoint 1 at 0x400f40 | ||
+ | Let's start the program to run till the first breakpoint: | ||
+ | (gdb) run | ||
+ | Starting program: /usr/bin/vlc | ||
+ | |||
+ | Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6 | ||
+ | ok, let's trace the program one command at a time: | ||
+ | (gdb) stepi | ||
+ | 0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6 | ||
+ | (gdb) stepi | ||
+ | 0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6 | ||
+ | (gdb) | ||
+ | 0x0000000000401103 in ?? () | ||
+ | (gdb) | ||
+ | 0x0000000000401105 in ?? () | ||
+ | (gdb) | ||
+ | Ok, let's look at this program part with a disassembler: | ||
+ | [[objdump]] -d -M intel /usr/bin/vlc | ||
+ | [...] | ||
+ | 4010f9: e8 32 0a 00 00 call 401b30 <unsetenv> | ||
+ | 4010fe: e8 3d fe ff ff call 400f40 <geteuid@plt> | ||
+ | 401103: 85 c0 test eax,eax | ||
+ | 401105: 0f 84 04 06 00 00 je 40170f <fflush@plt+0x66f> | ||
+ | 40110b: be ca 1f 40 00 mov esi,0x401fca | ||
+ | 401110: bf 06 00 00 00 mov edi,0x6 | ||
+ | [...] | ||
+ | Wow, it seems as if 4010fe calls geteuid, 401103 prepares a conditional jump and 401105 jumps if equal somewhere. So we call a [[hexeditor]]: | ||
+ | okteta /usr/bin/vlc | ||
+ | and replace | ||
+ | 0f 84 04 06 00 00 | ||
+ | by some instructions to wait: | ||
+ | 90 90 90 90 90 90 | ||
+ | When calling vlc now as root, it does not abort :) | ||
+ | Also, once the following worked: | ||
+ | sed -<abbr title="in-place edit in the file">i</abbr><abbr title="extended regular expressions">r</abbr> "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc |
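Review bot: the sed expression on the last line matches 0f 84 followed by any four bytes and carries the g flag, so it overwrites every near je in the file (and any data that happens to contain those two bytes), not only the jump at 401105; match the full sequence \x0f\x84\x04\x06\x00\x00 instead. GNU sed also reads -ir as -i with the backup suffix "r" rather than as -i -r, so the two options should be written separately. The wording "instructions to wait" should say no-op: 0x90 is nop, which does nothing rather than waiting.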
Revision as of 05:57, 11 February 2013
vlc always exits when I call it as root. Here is how I change this behavior:
gdb /usr/bin/vlc
(gdb) info functions
All defined functions:

Non-debugging symbols:
[...]
0x0000000000400f40  geteuid
[...]
Let's break in the function to get the effective user identity:
(gdb) break geteuid
Breakpoint 1 at 0x400f40
Let's start the program to run till the first breakpoint:
(gdb) run
Starting program: /usr/bin/vlc

Breakpoint 1, 0x00007ffff71cfc70 in geteuid () from /lib64/libc.so.6
OK, let's trace the program one instruction at a time:
(gdb) stepi
0x00007ffff71cfc75 in geteuid () from /lib64/libc.so.6
(gdb) stepi
0x00007ffff71cfc77 in geteuid () from /lib64/libc.so.6
(gdb)
0x0000000000401103 in ?? ()
(gdb)
0x0000000000401105 in ?? ()
(gdb)
Ok, let's look at this program part with a disassembler:
objdump -d -M intel /usr/bin/vlc
[...]
4010f9: e8 32 0a 00 00       call 401b30 <unsetenv>
4010fe: e8 3d fe ff ff       call 400f40 <geteuid@plt>
401103: 85 c0                test eax,eax
401105: 0f 84 04 06 00 00    je 40170f <fflush@plt+0x66f>
40110b: be ca 1f 40 00       mov esi,0x401fca
401110: bf 06 00 00 00       mov edi,0x6
[...]
It seems that 4010fe calls geteuid, 401103 tests whether the returned value is zero (that is, the effective user is root), and 401105 jumps to 40170f if it is. So we open the binary in a hex editor:
okteta /usr/bin/vlc
and replace
0f 84 04 06 00 00
by six no-op (nop) instructions:
90 90 90 90 90 90
When calling vlc now as root, it does not abort :)
Also, once the following worked:
sed -ir "s/\x0f\x84..../\x90\x90\x90\x90\x90\x90/g" vlc
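The hex-editor step can be made checkable: the added example below (not part of the original page) maps the virtual address 0x401105 to a file offset through the ELF program headers, confirms that the six bytes there are exactly the `je` shown by objdump, and only then overwrites that one location. The function names are hypothetical, the ELF image is constructed in the script so that it runs offline, and a little-endian ELF64 file is assumed.

```python
import struct

def vaddr_to_offset(elf: bytes, vaddr: int) -> int:
    """Map a virtual address to a file offset using the ELF64 PT_LOAD headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == 1 and p_vaddr <= vaddr < p_vaddr + p_filesz:  # PT_LOAD
            return vaddr - p_vaddr + p_offset
    raise ValueError(f"address {vaddr:#x} is not backed by file data")

def nop_out(elf: bytes, vaddr: int, expected: bytes) -> bytes:
    """Return a copy with `expected` at `vaddr` replaced by nops (0x90).
    Refuses to patch if the bytes found there differ from `expected`."""
    off = vaddr_to_offset(elf, vaddr)
    found = elf[off:off + len(expected)]
    if found != expected:
        raise ValueError(f"bytes at {vaddr:#x} are {found.hex()}, not {expected.hex()}")
    return elf[:off] + b"\x90" * len(expected) + elf[off + len(expected):]

def build_sample() -> bytes:
    """Constructed ELF64 image (not the real vlc): one PT_LOAD segment mapping
    file offset 0 to 0x400000, holding the page's bytes for 4010fe..40110a."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0x4010F9, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000,
                       0x2000, 0x2000, 0x1000)
    code = bytes.fromhex("e83dfeffff 85c0 0f8404060000")  # call, test, je
    image = bytearray(0x2000)
    image[:len(ehdr) + len(phdr)] = ehdr + phdr
    image[0x10FE:0x10FE + len(code)] = code
    return bytes(image)

if __name__ == "__main__":
    original = build_sample()
    patched = nop_out(original, 0x401105, bytes.fromhex("0f8404060000"))
    changed = [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]
    print("changed file offsets:", [hex(i) for i in changed])
```

Running it a second time on the patched image raises `ValueError`, because the bytes at 0x401105 no longer match the expected `je`.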