Development mailing list

Archive of posts for haiku-development at FreeLists

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Fri, 2014-03-28 10:45
On 25.03.2014 at 06:53, Ingo Weinhold ingo_weinhold@xxxxxx wrote: Just place a binary in non-packaged/bin with a name that clashes with that of an installed package, e.g. python. Wait until the victim boots and starts something using python. Let your binary add a new certificate and replace hpkgs. Attack successful ;). That's why unpackaged executables would have to be signed. Then an attacker just places a shell script with shebang. And now? Do you want ...
Categories: Development

[haiku-development] Re: Design for signed packages (Axel Dörfler)

Fri, 2014-03-28 10:45
On March 25, 2014 at 9:11 AM Stephan Aßmus superstippi@xxxxxx wrote: And I want to compile and run software without the need to obtain a trusted certificate and signing it with that. Of course, all of that would be optional. If someone can propose a system that is bullet-proof and at the same time practical, I am all ears... It can be practical for non-developers, and it would only make sense in ...
Categories: Development

[haiku-development] Re: Design for signed packages (Stephan Aßmus)

Fri, 2014-03-28 04:45
On 25.03.2014 06:53, Ingo Weinhold wrote: On 25.03.2014 01:57, Jonathan Schleifer wrote: On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Fri, 2014-03-28 04:45
On 25.03.2014 01:57, Jonathan Schleifer wrote: On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Fri, 2014-03-28 04:45
On 24.03.2014 at 21:27, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: I don't think we should only support secure boot in combination with an encrypted boot disk. Well, for it to actually make sense, full disk encryption is basically a must. An attacker can just place arbitrary binaries on the system to get control. ...
Categories: Development

[haiku-development] Re: [haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Axel Dörfler)

Fri, 2014-03-28 02:45
On 03/24/2014 08:11 PM, Jonathan Schleifer wrote: I assume that /packages contains all visible packages for the current user, while /system/package-links only has the one in /system. You assumed wrong. /packages is a symlink to /system/package-links - this is basically what I'm complaining about. You got it wrong which basically proves the point I make: It's not intuitive. ...
Categories: Development

[haiku-development] Re: Design for signed packages (Axel Dörfler)

Thu, 2014-03-27 22:45
On 03/24/2014 07:55 PM, Jonathan Schleifer wrote: On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: I don't think we should only support secure boot in combination with an encrypted boot disk. Well, for it to actually make sense, full disk encryption is basically a must. An attacker can just place arbitrary binaries on the system to get control. ...
Categories: Development

[haiku-development] Re: hpkgs and compression (Jonathan Schleifer)

Thu, 2014-03-27 22:45
On 24.03.2014 at 11:44, Ingo Weinhold ingo_weinhold@xxxxxx wrote: But aligning it for mmap() is a good point - though we should use 8 instead of 4 I guess, since some platforms have 8 bytes as their natural alignment. mmap()ed data are always page aligned. And this really isn't relevant in this case, because the alignment within the package file is completely irrelevant to mmap()ing contained files. Yes, the start of the data is always page-aligned. What I meant is making ...
Categories: Development

[haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 24.03.2014 at 12:24, Ingo Weinhold ingo_weinhold@xxxxxx wrote: As you may have noticed, /packages is a symlink to /boot/system/package-links. I did indeed. And I wonder why it's not just mounted to /packages (or better: /package-links) and /boot/system/package-links non-existent. package-links is not actually a particularly good name. Yes, it contains directories with symlinks, but that's only the syntax level. It actually contains meta information about the currently active packages (for the ...
Categories: Development

[haiku-development] Re: [haiku-development] [haiku-development] /packages, /system/packages, /system/package-links… (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 23.03.2014 at 22:54, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/22/2014 06:09 PM, Jonathan Schleifer wrote: Therefore, my proposal would be: Remove /packages and /system/package-links, instead use /package-links and mount the virtual filesystem there. That would give the following layout: It's quite confusing that you remove something (/system/package-links) you obviously don't understand any more than I do, at least :-) ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 24.03.2014 at 17:10, Ingo Weinhold ingo_weinhold@xxxxxx wrote: Finally, at the end of the heap (we fortunately know its compressed size so we can easily seek there), I would add the following fields (not final yet, but to give you a rough idea): uint8 signature[64]; uint16 certificateLength; uint8 certificate[]; ...
Categories: Development

[haiku-development] Re: Design for signed packages (Jonathan Schleifer)

Thu, 2014-03-27 20:45
On 23.03.2014 at 23:17, Axel Dörfler axeld@xxxxxxxxxxxxxxxx wrote: On 03/22/2014 10:28 PM, Jonathan Schleifer wrote: Remember our file system is encrypted. So now we need to ask the user for the encryption password (in the loader, that is). The loader is already signed so it cannot be tampered with. So after the user entered the correct password, the loader can now load the haiku.hpkg - without checking the signature! ...
Categories: Development

[haiku-development] Re: Design for signed packages (Ingo Weinhold)

Thu, 2014-03-27 20:45
On 03/22/2014 10:28 PM, Jonathan Schleifer wrote: From: Jonathan Schleifer js-haikuports-commits@xxxxxxxxxxx Subject: Re: [HaikuPorts-svn] haikuporter : 1 new changeset : a4ba368099a5 Date: 22 March 2014 22:24:28 CET To: HaikuPorts SVN commits haikuports-svn@xxxxxxxxxxxxxxxxxxxxxxxxxxx [...] ...
Categories: Development

[haiku-development] Re: [haiku-development] /packages, /system/packages, /system/package-links… (Ingo Weinhold)

Thu, 2014-03-27 14:45
On 03/22/2014 06:09 PM, Jonathan Schleifer wrote: We currently have the following paths: /packages /system/packages /system/package-links /boot/home/config/packages In /system/packages, we have hpkg files. In /boot/home/config/packages, we have hpkg files. So far, this seems ...
Categories: Development

[haiku-development] Re: hpkgs and compression (Ingo Weinhold)

Thu, 2014-03-27 12:45
On 03/22/2014 08:50 PM, Jonathan Schleifer wrote: On 22.03.2014 at 19:54, David Given dg@xxxxxxxxxxx wrote: Android packages are signed zipfiles, and have much the same access patterns as hpkgs; there's a special tool called zipalign which ensures that the files in the zipfile are 4-aligned. This allows Android to mmap() the zipfiles and access file data using 32-bit instructions. i.e ...