azonenberg (@azonenberg@ioc.exchange)

How crazy/horrible/stupid would it be to write a single-pass streaming parser for ELF as part of a firmware updater?

More specifically, you're given a chance to look at each byte of data once. You can either write it to flash immediately, update some local variables (like "offset of .text"), or ignore it.

But once you've seen a given part of the file, you can't rewind and look at it again later (since I'm flashing an image that might be larger than available RAM).

How likely is this to fail in practice? I'm not asking if one of the POC||GTFO editors could craft an ELF that would break this, I'm sure they could. But if I control the linker script generating the file, and have the parser simply refuse to process any file that doesn't play by my rules, am I probably OK?
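A sketch of the single-pass design the post describes, added here as an example and not the poster's code. It assumes the linker script emits little-endian ELF32 with the program header table directly after the ELF header and only PT_LOAD entries in ascending file offset, and it works from program headers rather than section names because the section header table typically sits at the end of the file. `elf_stream`, `MAX_PH`, `flash_write` and `fake_flash` are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
#define MAX_PH 4 /* assumed policy: at most 4 program headers, all PT_LOAD */
typedef struct {
    uint8_t  hdr[52 + 32 * MAX_PH];       /* only ELF32 header + phdr table are kept in RAM */
    uint32_t pos, need, phnum, cur, end;  /* file offset, header bytes wanted, phdr count/index, end of last segment */
    int      bad;
} elf_stream;
static uint8_t fake_flash[64];            /* RAM stand-in for a real flash driver (hypothetical) */
static int flash_write(uint32_t a, uint8_t b) { if (a >= sizeof fake_flash) return -1; fake_flash[a] = b; return 0; }
static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static int reject(elf_stream *s) { s->bad = 1; return -1; }
void elf_stream_init(elf_stream *s) { memset(s, 0, sizeof *s); s->need = 52; s->end = UINT32_MAX; }
/* Consume one byte in file order: 0 = accepted, -1 = file broke a rule (sticky). */
int elf_stream_feed(elf_stream *s, uint8_t b) {
    if (s->bad) return -1;
    if (s->pos < s->need) {                        /* still inside the headers */
        s->hdr[s->pos++] = b;
        if (s->pos == 52) {                        /* ELF header complete */
            s->phnum = rd16(s->hdr + 44);          /* e_phnum */
            if (memcmp(s->hdr, "\x7f" "ELF\x01\x01", 6) ||   /* magic, ELFCLASS32, ELFDATA2LSB */
                rd32(s->hdr + 28) != 52 || rd16(s->hdr + 42) != 32 || /* e_phoff, e_phentsize */
                s->phnum == 0 || s->phnum > MAX_PH) return reject(s);
            s->need = 52 + 32 * s->phnum;
        } else if (s->pos == s->need) {            /* phdr table complete: check layout */
            uint32_t end = s->need;
            for (uint32_t i = 0; i < s->phnum; i++) {
                const uint8_t *ph = s->hdr + 52 + 32 * i;
                uint32_t off = rd32(ph + 4), len = rd32(ph + 16); /* p_offset, p_filesz */
                /* PT_LOAD only, after the headers, ascending, non-overlapping, no wraparound */
                if (rd32(ph) != 1 || off < end || len > UINT32_MAX - off) return reject(s);
                end = off + len;
            }
            s->end = end;
        }
        return 0;
    }
    while (s->cur < s->phnum) {                    /* body byte: which segment owns it? */
        const uint8_t *ph = s->hdr + 52 + 32 * s->cur;
        uint32_t off = rd32(ph + 4), len = rd32(ph + 16);
        if (s->pos >= off + len) { s->cur++; continue; }     /* segment already finished */
        if (s->pos >= off && flash_write(rd32(ph + 12) + (s->pos - off), b)) return reject(s); /* p_paddr */
        break;                                     /* padding before a segment is ignored */
    }
    s->pos++;
    return 0;
}
int elf_stream_done(const elf_stream *s) { return !s->bad && s->pos >= s->end; } /* 1 = all segments arrived in full */
```

Because bytes reach flash before the end of the stream is seen, a rejected or truncated file can leave a partly written image, so `elf_stream_done()` should gate whatever marks the image as bootable.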
