Development mailing list

Archive of posts for haiku-development at FreeLists

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Fri, 2014-03-28 10:45
On 25.03.2014 at 06:53, Ingo Weinhold ingo_weinhold@xxxxxx wrote: Just place a binary in non-packaged/bin with a name that clashes with that of an installed package, e.g. python. Wait until the victim boots and starts something using python. Let your binary add a new certificate and replace hpkgs. Attack successful ;). That's why unpackaged executables would have to be signed. Then an attacker just places a shell script with shebang. And now? Do you want ...
Categories: Development

[haiku-development] Re: Design for signed packages (Axel Dörfler)

Fri, 2014-03-28 10:45
On March 25, 2014 at 9:11 AM Stephan Aßmus superstippi@xxxxxx wrote: And I want to compile and run software without the need to obtain a trusted certificate and signing it with that. Of course, all of that would be optional. If someone can propose a system that is bullet-proof and at the same time practical, I am all ears... It can be practical for non-developers, and it would only make sense in ...
Categories: Development

[haiku-development] Re: Design for signed packages (Stephan Aßmus)

Fri, 2014-03-28 04:45
On 25.03.2014 06:53, Ingo Weinhold wrote: On 25.03.2014 01:57, Jonathan Schleifer wrote: On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Fri, 2014-03-28 04:45
On 25.03.2014 01:57, Jonathan Schleifer wrote: On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Fri, 2014-03-28 04:45
On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: I don't think we should only support secure boot in combination with an encrypted boot disk. Well, for it to actually make sense, full disk encryption is basically a must. An attacker can just place arbitrary binaries on the system to get control. ...
Categories: Development

[haiku-development] Re: [haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Axel Dörfler)

Fri, 2014-03-28 02:45
On 03/24/2014 08:11 PM, Jonathan Schleifer wrote: I assume that /packages contains all visible packages for the current user, while /system/package-links only has the one in /system. You assumed wrong. /packages is a symlink to /system/package-links - this is basically what I'm complaining about. You got it wrong which basically proves the point I make: It's not intuitive. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Axel Dörfler)

Thu, 2014-03-27 22:45
On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: I don't think we should only support secure boot in combination with an encrypted boot disk. Well, for it to actually make sense, full disk encryption is basically a must. An attacker can just place arbitrary binaries on the system to get control. ...
Categories: Development

[haiku-development] Re: hpkgs and compression (Jonathan Schleifer)

Thu, 2014-03-27 22:45
On 24.03.2014 at 11:44, Ingo Weinhold ingo_weinhold@xxxxxx wrote: But aligning it for mmap() is a good point - though we should use 8 instead of 4 I guess, since some platforms have 8 bytes as their natural alignment. mmap()ed data are always page aligned. And this really isn't relevant in this case, because the alignment within the package file is completely irrelevant to mmap()ing contained files. Yes, the start of the data is always page-aligned. What I meant is making ...
Categories: Development

[haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 24.03.2014 at 12:24, Ingo Weinhold ingo_weinhold@xxxxxx wrote: As you may have noticed, /packages is a symlink to /boot/system/package-links. I did indeed. And I wonder why it's not just mounted to /packages (or better: /package-links) and /boot/system/package-links non-existent. package-links is not actually a particularly good name. Yes, it contains directories with symlinks, but that's only the syntax level. It actually contains meta information about the currently active packages (for the ...
Categories: Development

[haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 23.03.2014 at 22:54, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/22/2014 06:09 PM, Jonathan Schleifer wrote: Therefore, my proposal would be: Remove /packages and /system/package-links, instead use /package-links and mount the virtual filesystem there. That would give the following layout: It's quite confusing that you remove something (/system/package-links) you obviously don't understand any more than I do, at least :-) ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 24.03.2014 at 17:10, Ingo Weinhold ingo_weinhold@xxxxxx wrote: Finally, at the end of the heap (we fortunately know its compressed size so we can easily seek there), I would add the following fields (not final yet, but to give you a rough idea): uint8 signature[64]; uint16 certificateLength; uint8 certificate[]; ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/22/2014 10:28 PM, Jonathan Schleifer wrote: Remember our file system is encrypted. So now we need to ask the user for the encryption password (in the loader, that is). The loader is already signed so it cannot be tampered with. So after the user entered the correct password, the loader can now load the haiku.hpkg - without checking the signature! ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Thu, 2014-03-27 20:45
On 03/22/2014 10:28 PM, Jonathan Schleifer wrote: From: Jonathan Schleifer js-haikuports-commits@xxxxxxxxxxx Subject: Re: [HaikuPorts-svn] haikuporter : 1 new changeset : a4ba368099a5 Date: 22 March 2014 22:24:28 CET To: HaikuPorts SVN commits haikuports-svn@xxxxxxxxxxxxxxxxxxxxxxxxxxx [...] ...
Categories: Development

[haiku-development] Re: [haiku-development] /packages, /system/packages, /system/package-links… (Ingo Weinhold)

Thu, 2014-03-27 14:45
On 03/22/2014 06:09 PM, Jonathan Schleifer wrote: We currently have the following paths: /packages /system/packages /system/package-links /boot/home/config/packages In /system/packages, we have hpkg files. In /boot/home/config/packages, we have hpkg files. So far, this seems ...
Categories: Development

[haiku-development] Re: hpkgs and compression (Ingo Weinhold)

Thu, 2014-03-27 12:45
On 03/22/2014 08:50 PM, Jonathan Schleifer wrote: On 22.03.2014 at 19:54, David Given dg@xxxxxxxxxxx wrote: Android packages are signed zipfiles, and have much the same access patterns as hpkgs; there's a special tool called zipalign which ensures that the files in the zipfile are 4-aligned. This allows Android to mmap() the zipfiles and access file data using 32-bit instructions. i.e ...
Categories: Development

[haiku-development] Re: Design for signed packages (Axel Dörfler)

Thu, 2014-03-27 12:45
On 03/22/2014 10:28 PM, Jonathan Schleifer wrote: Remember our file system is encrypted. So now we need to ask the user for the encryption password (in the loader, that is). The loader is already signed so it cannot be tampered with. So after the user entered the correct password, the loader can now load the haiku.hpkg - without checking the signature! ...
Categories: Development

[haiku-development] Re: Auto Hiding Scroll Bars (Axel Dörfler)

Thu, 2014-03-27 12:45
On 03/22/2014 11:02 PM, Andrew Wood wrote: I've been doing some work creating an alternative to BScrollView for my app which automatically hides the scrollbars completely if they're not needed rather than just greying them out. Currently it's a subclass of BView but I see no reason why it couldn't be integrated into BScrollView if people wanted it. If anyone's interested I will release it under a BSD or MIT licence....and yes I have followed ...
Categories: Development

[haiku-development] Re: [haiku-development] /packages, /system/packages, /system/package-links… (Axel Dörfler)

Thu, 2014-03-27 12:45
On 03/22/2014 06:09 PM, Jonathan Schleifer wrote: Therefore, my proposal would be: Remove /packages and /system/package-links, instead use /package-links and mount the virtual filesystem there. That would give the following layout: It's quite confusing that you remove something (/system/package-links) you obviously don't understand any more than I do, at least :-) ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 12:45
On 23.03.2014 at 03:11, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: "and in the place where it matters" Of course, that should have been "and in the other place where it matters". "I decided to change that in now to not copy the message" And that "in" shouldn't be there, of course. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 12:45
On 22.03.2014 at 22:55, Jonathan Schleifer js-haiku-development@xxxxxxxxxxx wrote: Looking some more at it: It copies the whole message, so either we need to change the reference implementation to not do that, or use my original approach and hash first. The message it signs is of variable length and I could not find a maximum length, so in theory, it should work if we patch it to not copy the message. I'll try to contact djb and ask him what he thinks is the right approach. ...
Categories: Development