Looks like I may have stretched what values are acceptable for p_filesz/p_memsz too far. What's your kernel version? (I tested it on 6.8.0 and 4.4.0.) Perhaps the 316-byte version at commit 451827cfd5399074 (before that particular hack was introduced) would work.
301 bytes! The base64 one-liner install is a nice flex. Accepting an infinite loop when energy_full doesn't exist is peak code golf, perfectly reasonable when every byte counts. Is there a writeup on the assembly somewhere?
I would prefer avoiding the infinite loop and printing a message to help the user understand what went wrong. I'm sure you could do that with an extra 100 bytes or so. Just my opinion of course.
It doesn't even look like particularly optimised Asm (could immediately spot a few savings, despite how horrible GAS syntax is to read...), but is definitely not "compiler slop"[1] either, which shows just how inefficient the majority of programs actually are. Of course even the ELF header takes up a significant amount of space, but this reminds me of how PC magazines would print short listings of utilities like this, often a few dozen up to a few hundred bytes at most --- in DOS .COM format, which is headerless and thus pure machine instructions.
[1] In the late 80s and early 90s, the battle between those writing handwritten Asm and those using compiled HLLs has many similarities to AI-generated vs non-AI code today.
If the savings are about `mov $1, %edi` and `mov $10, %ecx`, those 32-bit immediate values line up with the higher bytes of p_filesz and p_memsz in the program header, which have to be zero [1]. If not, what are the savings? :)
As always with these admirable hacks, I feel compelled to point out these are not really ELF executables but just small files you can trick the x86_64 Linux kernel into loading.
I mean they're very clever and legit and kudos to the people who develop these exploits, but they're not ELF.
GP is likely referring to how fields in the ELF and program header are abused for instructions and data in a way that happens to not break things on Linux.
What about adding a Make rule to auto-generate the one-liner install from the binary?
[1] In the late 80s and early 90s, the battle between those writing handwritten Asm and those using compiled HLLs has many similarities to AI-generated vs non-AI code today.
[1]: https://github.com/meribold/btry/commit/8ef5a4ce58ae73c489d2...
I mean they're very clever and legit and kudos to the people who develop these exploits, but they're not ELF.
Or to flip it round. If Linux accepts something as an ELF that isn't, then it isn't an ELF loader.
Would you describe a web browser that doesn't score 100% on a rendering test as not a browser?