Fold is a framework to create dynamic linkers in Rust.
To get started, first install the dependencies:
- Rust and
cargo justnasmpatchelfgccmake(forsqlite3build)typst(for rendering the report)
See just help to list available commands. The most important ones are:
just buildjust testjust run <TARGET>, e.g.just run samples/hello.
To have full Intellisense and linter support, we recommend to use VSCode with the rust-analyzer extension. Add the following lines to .vscode/settings.json:
The examples folder contains implementations of dynamic linkers using Fold. See the report for more details (if not already done, it can be built with just report).
From a security perspective, it could be interesting to reduce the number of syscalls a process have access to. The seccomp syscall exactly do that! It uses a filter implemented as an eBPF program to restrict usage of syscalls. What we can do with Fold, is to call seccomp before jumping to the entry point of our program.
We can push the previous syscall filter idea further. For example, we could scan the object to detect the syscalls used and then restrict the process to only this set.
The goal of this example is to allow the injection of hooks before some of the dynamically linked functions. To be considered successful, these hooks should be invisible both to the program itself and to the libraries.
{ "rust-analyzer.linkedProjects": [ "${workspaceFolder}/Cargo.toml", "${workspaceFolder}/tests/Cargo.toml" ] }