Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Detect ELF package notes from fedora binaries #2713

Closed
wagoodman opened this issue Mar 13, 2024 · 0 comments · Fixed by #2939
Closed

Detect ELF package notes from fedora binaries #2713

wagoodman opened this issue Mar 13, 2024 · 0 comments · Fixed by #2939
Assignees
@wagoodman
Labels
enhancement New feature or request
Milestone
Elevate binary ar...

Comments

@wagoodman
Copy link
Contributor

wagoodman commented Mar 13, 2024
edited
Loading

#2396 adds the capability to detect binaries where there the .note.package on the binary is purely a JSON payload. This is a little different than what you'll find with a binary in a fedora distribution:

objdump -s -j .note.package /bin/ld

/bin/ld:     file format elf64-littleaarch64

Contents of section .note.package:
 039c 04000000 7c000000 7e1afeca 46444f00  ....|...~...FDO.
 03ac 7b227479 7065223a 2272706d 222c226e  {"type":"rpm","n
 03bc 616d6522 3a226269 6e757469 6c73222c  ame":"binutils",
 03cc 22766572 73696f6e 223a2232 2e34302d  "version":"2.40-
 03dc 31342e66 63333922 2c226172 63686974  14.fc39","archit
 03ec 65637475 7265223a 22616172 63683634  ecture":"aarch64
 03fc 222c226f 73437065 223a2263 70653a2f  ","osCpe":"cpe:/
 040c 6f3a6665 646f7261 70726f6a 6563743a  o:fedoraproject:
 041c 6665646f 72613a33 39227d00           fedora:39"}.

Note the header at the top before the JSON payload. Based on the documentation the prefix is a ELF section header:

typedef struct {
	Elf_Word	sh_name;
	Elf_Word	sh_type;
	Elf_Word	sh_flags;
	Elf_Addr	sh_addr;
	Elf_Off	sh_offset;
	Elf_Word	sh_size;
	Elf_Word	sh_link;
	Elf_Word	sh_info;
	Elf_Word	sh_addralign;
	Elf_Word	sh_entsize;
} Elf_Shdr;

It would be ideal to eventually be able to decode .note.package sections that are not purely JSON payloads such that we can get to the JSON payload, even if we drop the section header info entirely.
@wagoodman wagoodman added the enhancement New feature or request label Mar 13, 2024
@wagoodman wagoodman added this to the Elevate binary artifacts milestone Mar 13, 2024
@wagoodman wagoodman mentioned this issue May 1, 2024
Open
@wagoodman wagoodman self-assigned this Jun 7, 2024
@wagoodman wagoodman mentioned this issue Jun 7, 2024
Merged
@wagoodman wagoodman moved this to In Progress in OSS Jun 7, 2024
@wagoodman wagoodman moved this from In Progress to In Review in OSS Jun 7, 2024
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Jun 7, 2024
@BrewTestBot BrewTestBot mentioned this issue Jun 10, 2024
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@wagoodman wagoodman

Labels
enhancement New feature or request
Projects
OSS
Archived in project
Milestone
Elevate binary artifacts
Development

Successfully merging a pull request may close this issue.

Add support for reading ELF package notes with section header anchore/syft
1 participant
@wagoodman