Commit 3840e3f

Arusekk and Hackrrr committed
docs: warn that .libs/.libc/.maps are dangerous
Co-authored-by: Hackrrr <[email protected]>
1 parent 4968499 commit 3840e3f

1 file changed, +30 -3 lines changed
pwnlib/elf/elf.py

Lines changed: 30 additions & 3 deletions
@@ -705,25 +705,52 @@ def non_writable_segments(self):
705705

706706
@property
707707
def libs(self):
708-
"""Dictionary of {path: address} for every library loaded for this ELF."""
708+
"""Dictionary of ``{path: address}`` for every library loaded for this ELF.
709+
710+
.. warning::
711+
712+
Getting this attribute actually runs the executable.
713+
Make sure that you trust the binary you are exploiting.
714+
If it adds itself as ``DT_NEEDED``, has overlapping segments,
715+
ambiguous headers, or employs text relocations, it can run arbitrary
716+
code even though you are just inspecting it.
717+
Running is the only reliable way to ensure all the libraries are
718+
loaded from the correct paths, because some of them may change
719+
loading logic.
720+
721+
Exploitability first noticed at CWTE CTF 2025.
722+
"""
709723
if self._libs is None:
710724
self._populate_libraries()
711725
return self._libs
712726

713727
@property
714728
def maps(self):
715-
"""Dictionary of {name: address} for every mapping in this ELF's address space."""
729+
"""Dictionary of ``{name: address}`` for every mapping in this ELF's address space.
730+
731+
.. warning::
732+
733+
Getting this attribute actually runs the executable.
734+
Make sure that you trust the binary you are exploiting
735+
(see :attr:`.ELF.libs`).
736+
"""
716737
if self._maps is None:
717738
self._populate_libraries()
718739
return self._maps
719740

720741
@property
721742
def libc(self):
722-
""":class:`.ELF`: If this :class:`.ELF` imports any libraries which contain ``'libc[.-]``,
743+
""":class:`.ELF`: If this :class:`.ELF` imports any libraries which contain ``/libc[.-]``,
723744
and we can determine the appropriate path to it on the local
724745
system, returns a new :class:`.ELF` object pertaining to that library.
725746
726747
If not found, the value will be :const:`None`.
748+
749+
.. warning::
750+
751+
Getting this attribute actually runs the executable.
752+
Make sure that you trust the binary you are exploiting
753+
(see :attr:`.ELF.libs`).
727754
"""
728755
for lib in self.libs:
729756
if '/libc.' in lib or '/libc-' in lib:
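
Review bot: The `libs` warning says "Make sure that you trust the binary you are exploiting" but gives the reader no action to take when the file is not trusted, for example a CTF challenge binary; add a sentence saying that for such files these properties should only be read inside a disposable sandbox or VM. It would also help to say when the execution happens: all three getters go through `self._populate_libraries()` (`libc` reaches it via `for lib in self.libs`), and the `if self._libs is None` / `if self._maps is None` guards show the result is cached, so the docstring could state that the binary is run on first access of any of the three. In the same warning, "because some of them may change loading logic" does not make clear what "them" refers to, and "Exploitability first noticed at CWTE CTF 2025" reads as history that fits the commit message better than a user-facing warning.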
