From: Filipe C. <fi...@gm...> - 2009-04-02 09:25:32
Hi,

First of all... valgrind can now run iTunes :-)

Patch: http://web.ist.utl.pt/~filipe.cabecinhas/patches/valgrind-F_ADDSIGS-csops.patch

There were two missing system calls where valgrind bombed out:

fcntl(F_ADDSIGS) - add detached signatures
csops(...) - code signing operations (syscall number 169)

The fcntl is there to add a signature that, instead of being in the executable file, resides in a separate file.

The csops() syscall performs various operations on a process:
- query the process' status
- mark the process as invalid, set HARD or KILL flag
- get the executable's pathname
- get the code directory hash

Attached is a small test program for the various operations (that used to bomb out with valgrind). It receives a PID as argument (if it's called with no arguments it just analyses itself) and performs the query operations (STATUS, PIDPATH and CDHASH). Superuser permissions are necessary.

To try out the various flags start, for example, an md5 program (you can check that it's signed using "codesign -vvvv `which md5`"), and query the flags (it should have flag 0x1, meaning that it's valid). Mark the process as KILL if invalid and then mark it as invalid to see it get killed by the system.

iTunes would add the signatures and, when the KILL flag was set using csops(), kill itself.

I implemented csops() to do a no-op when passed a MARK* operation. I didn't keep track of the marks but I guess we could do that. I don't know if it's possible to redirect the F_ADDSIGS parameter that says which code is signed so we could keep the program valid (if that original code isn't touched by valgrind), but that would be nice (and stealthy :-) ).

Regards,
  F

Example:

I run md5 in a terminal and it sits idle waiting for input.
In another terminal:

[filcab@farnsworth ~/Desktop] $ sudo ./a 10874
errno: 0, res: 0, status: 1 (0x1)
errno: 0, res: 0, path: /sbin/md5
errno: 0, res: 0, hash: 690e1b75356209a6b171860339387a836ea45df3

### I change a.c to mark the process as KILL before the query ops
[filcab@farnsworth ~/Desktop] $ make a && sudo ./a 10874
cc a.c -o a
errno: 0, res: 0
errno: 0, res: 0, status: 513 (0x201)
errno: 0, res: 0, path: /sbin/md5
errno: 0, res: 0, hash: 690e1b75356209a6b171860339387a836ea45df3

### I change a.c to mark the process as invalid before the query ops
### errno 3 == No such process
[filcab@farnsworth ~/Desktop] $ make a && sudo ./a 10874
cc a.c -o a
errno: 0, res: 0
errno: 3, res: 4294967295, status: 0 (0)
errno: 3, res: 4294967295, path:
errno: 3, res: 4294967295, hash: 0000000000000000000000000000000000000000
[filcab@farnsworth ~/Desktop] $
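The a.c attached to the mail is not on this page. Below is an added example (editor's code, not Filipe's test program or anything from the valgrind patch) that drives the same csops() operations: an optional MARKKILL/MARKHARD/MARKINVALID first, then STATUS, PIDPATH and CDHASH, printed in the same errno/res style as the transcript above, plus a decoder that turns the status word into flag names (so 0x201 reads as CS_VALID|CS_KILL rather than 513). Assumptions, marked in the code: the CS_OPS_* numbers and CS_VALID/CS_HARD/CS_KILL bits are the values from XNU's private sys/codesign.h; csops() has no public prototype, so it is declared by hand; the MARK* operations are called with a NULL buffer and size 0; and on non-Apple systems a stub that fails with ENOSYS stands in for the syscall so the decoding helpers still build and run.

```c
/* cs_probe.c: drive the csops(2) operations described in the mail. Added
 * example, not the test program attached to it. The CS_OPS_* and CS_* values
 * are assumed to be those of XNU's private sys/codesign.h; csops() has no
 * public prototype, so it is declared by hand; a stub stands in elsewhere. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Operation numbers: STATUS, MARKINVALID, MARKHARD, MARKKILL, PIDPATH, CDHASH. */
enum { CS_OPS_STATUS, CS_OPS_MARKINVALID, CS_OPS_MARKHARD, CS_OPS_MARKKILL,
       CS_OPS_PIDPATH, CS_OPS_CDHASH };
/* Status bits: valid; don't map invalid pages; kill on becoming invalid. */
enum { CS_VALID = 0x0001, CS_HARD = 0x0100, CS_KILL = 0x0200, CDHASH_LEN = 20 };

#ifdef __APPLE__
extern int csops(pid_t pid, uint32_t ops, void *useraddr, size_t usersize);
#else
static int csops(pid_t pid, uint32_t ops, void *addr, size_t len)
{   /* no code-signing syscall on this platform: fail like a missing syscall */
    (void)pid; (void)ops; (void)addr; (void)len; errno = ENOSYS; return -1;
}
#endif

static void append(char *out, size_t outlen, const char *s)
{   /* bounded append onto a NUL-terminated buffer */
    size_t used = strlen(out);
    if (used + 1 < outlen) snprintf(out + used, outlen - used, "%s", s);
}

/* Decode a status word: 0x201, the mail's value after MARKKILL, gives
 * "CS_VALID|CS_KILL"; bits without a name are kept as hex. */
void cs_status_str(uint32_t status, char *out, size_t outlen)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { CS_VALID, "CS_VALID" }, { CS_HARD, "CS_HARD" }, { CS_KILL, "CS_KILL" } };
    uint32_t rest = status;
    if (!outlen) return;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(status & names[i].bit)) continue;
        if (out[0]) append(out, outlen, "|");
        append(out, outlen, names[i].name);
        rest &= ~names[i].bit;
    }
    if (rest) {
        char hex[16]; snprintf(hex, sizeof hex, "0x%x", (unsigned)rest);
        if (out[0]) append(out, outlen, "|");
        append(out, outlen, hex);
    }
    if (!out[0]) append(out, outlen, "(none)");
}

/* Hex-encode a cdhash into out, which must hold 2*CDHASH_LEN+1 bytes. */
void cdhash_hex(const uint8_t *hash, char *out)
{
    for (size_t i = 0; i < CDHASH_LEN; i++) snprintf(out + 2 * i, 3, "%02x", hash[i]);
}

/* Query wrappers; each returns csops()'s result: 0, or -1 with errno set. */
int cs_query_status(pid_t pid, uint32_t *st) { return csops(pid, CS_OPS_STATUS, st, sizeof *st); }
int cs_query_path(pid_t pid, char *buf, size_t n) { return csops(pid, CS_OPS_PIDPATH, buf, n); }
int cs_query_cdhash(pid_t pid, uint8_t *h)       { return csops(pid, CS_OPS_CDHASH, h, CDHASH_LEN); }

static void report(const char *op, int res, const char *key, const char *val)
{
    printf("%-11s errno: %d, res: %d, %s: %s\n", op, res ? errno : 0, res, key, val);
}

/* Usage: cs_probe [pid] [kill|hard|invalid]. Without a pid it inspects itself;
 * a mark is applied before the queries, as in the edited a.c. Other PIDs need root. */
int main(int argc, char **argv)
{
    pid_t pid = argc > 1 ? (pid_t)atoi(argv[1]) : getpid();
    uint32_t status = 0; int res;
    uint8_t hash[CDHASH_LEN] = {0};
    char path[1024] = "", flags[64], hex[2 * CDHASH_LEN + 1], line[96];

    if (argc > 2) {   /* assumption: MARK* ops take no buffer, hence NULL/0 */
        uint32_t op = !strcmp(argv[2], "kill") ? CS_OPS_MARKKILL
                    : !strcmp(argv[2], "hard") ? CS_OPS_MARKHARD : CS_OPS_MARKINVALID;
        report("MARK", csops(pid, op, NULL, 0), "mark", argv[2]);
    }
    res = cs_query_status(pid, &status);
    cs_status_str(status, flags, sizeof flags);
    snprintf(line, sizeof line, "%u (0x%x) %s", (unsigned)status, (unsigned)status, flags);
    report("STATUS", res, "status", line);
    res = cs_query_path(pid, path, sizeof path);
    report("PIDPATH", res, "path", path);
    res = cs_query_cdhash(pid, hash);
    cdhash_hex(hash, hex);
    report("CDHASH", res, "hash", hex);
    return 0;
}
```

Build with `cc cs_probe.c -o cs_probe` and run `sudo ./cs_probe <pid> kill` to reproduce the second transcript, then `sudo ./cs_probe <pid> invalid` for the third; note that the MARK* operations are sticky and, with KILL set, the invalidation really does kill the target, so point it at a throwaway process such as the idle md5. Two caveats: only the STATUS/PIDPATH/CDHASH wrappers are reached when the program is run under the valgrind from the patch, where the MARK* calls are no-ops; and later XNU releases dropped CS_OPS_PIDPATH, so on a current system expect that one query to fail while STATUS and CDHASH still work.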