Page MenuHomePhabricator
Feed Advanced Search

Dec 9 2021

Patrick closed T958: Write VirtualBox Screen Resolution Bug Report as Resolved.
Dec 9 2021, 6:10 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Mar 22 2020

Patrick changed the status of T958: Write VirtualBox Screen Resolution Bug Report from Open to testing-in-next-build-required.
Mar 22 2020, 7:25 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox
Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.
Mar 22 2020, 7:25 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Mar 21 2020

Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.
Mar 21 2020, 10:31 AM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Mar 7 2020

Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.
Mar 7 2020, 12:46 AM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Feb 12 2020

Patrick triaged T958: Write VirtualBox Screen Resolution Bug Report as Normal priority.
Feb 12 2020, 2:54 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox

Nov 25 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 25 2019, 12:32 PM · C Code, security, Whonix

Nov 16 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 10:20 AM · C Code, security, Whonix
Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 10:19 AM · C Code, security, Whonix
Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 10:18 AM · C Code, security, Whonix

Oct 7 2019

HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

An alternative proposal for editing ISNs without involving the kernel:

Oct 7 2019, 1:11 AM · C Code, security, Whonix

Apr 5 2019

Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.

@Patrick What is the status of integration?

Apr 5 2019, 8:20 PM · C Code, security, Whonix
HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

@Patrick What is the status of integration? Since we have kloak this is also a great defense to have. There is a script on there for packing as a deb:

Apr 5 2019, 6:55 PM · C Code, security, Whonix

Aug 7 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

In theory, we could make sdwdate provide a local (default) (or optional opt-in server) NTP compatible time provider. Could be useful anyhow. -> sdwdate-server No idea how hard that would be.

And then configure NTP to connect only to that local NTP server.

Aug 7 2018, 6:37 AM · Whonix, C Code, sclockadj, sdwdate
HulaHoop closed T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon, a subtask of T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock, as Resolved.
Aug 7 2018, 6:16 AM · Whonix, C Code, sclockadj, sdwdate

Aug 6 2018

Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

/usr/sbin/ntpdate as far as I know doesn't accept a command line command to take an offset (or anything). It connects to remote servers in its default design.

Aug 6 2018, 6:59 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Yes, not readily accessible from command line.

Aug 6 2018, 6:48 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

The easy way: calculating the offset between local time and the onion average in timesync then using ntpdate's slew option if the offset is less than 0.5s. Otherwise you tell it to step up the time immediately so that you are accurately mimicking the default behavior. However you can force slewing all the time with -B. This way you won't need to touch kernel syscalls as ntpdate should be able to do the operation for you.

Aug 6 2018, 6:28 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

From what I understand, this code path is only relevant when timesyncd is talking directly with NTP servers and reacting to replies about deltas between local and remote times. There is no way you can call that function from the command line when using timedatectl standalone AFAICT.

Aug 6 2018, 3:46 PM · Whonix, C Code, sclockadj, sdwdate

Aug 5 2018

Patrick updated the task description for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Aug 5 2018, 1:58 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment.

Aug 5 2018, 1:52 PM · Whonix, C Code, sclockadj, sdwdate

Jul 27 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Since we are interested in ntpd's default behavior (for blending in purposes) it turns out that it performs instant clock jumps once the delta difference is excessively large otherwise its slewing algorithm would take forever to adjust the time.

Jul 27 2018, 5:33 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment. Our next best option is ntpd which can do so but cannot coexist with timedatectl - we can only run either but not both. According to popcon, ntpd is the mos widely used time daemon so its the natural choice.

Jul 27 2018, 4:22 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Currently time is set using gnu date (clock jump) (initial run after current boot) or sclockadj (consecutive run) (slow clock adjustment).

Jul 27 2018, 7:35 AM · Whonix, C Code, sclockadj, sdwdate

Jul 25 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

the time could be set with timedatectl by feeding it the time with this command:

Jul 25 2018, 7:20 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a subtask for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock: T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon.
Jul 25 2018, 7:41 AM · Whonix, C Code, sclockadj, sdwdate
Patrick triaged T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock as Normal priority.
Jul 25 2018, 7:22 AM · Whonix, C Code, sclockadj, sdwdate
Patrick closed T50: systemd spams journal due to time changed by sclockadj, rewrite of sclockadj, sclockadj2 as Resolved.

sclockadj3 is done -> T686.

Jul 25 2018, 6:35 AM · C Code, python, bug, Whonix, sdwdate, sclockadj

Jul 3 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

A miracle has happened. All of https://github.com/yongboy/bindp/pull/6 was merged by upstream.

Very well. So finally they applied our patch.

Jul 3 2017, 6:55 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.
In T599#12631, @Patrick wrote:

Notified upstream. Let's see if he replies.

bindp pull request - security fixes, debian packaging, and more:
https://github.com/yongboy/bindp/pull/6

Jul 3 2017, 11:52 AM · bindp, security, Whonix 14, Whonix, C Code

Jun 16 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

What about...?

Jun 16 2017, 6:21 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

What about...?

Jun 16 2017, 6:16 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.
In T599#13705, @Patrick wrote:

Now pushed.

Jun 16 2017, 5:47 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Now pushed.

Jun 16 2017, 5:01 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick In the master branch the only difference in comparison to the original version that I can see is the main function at the bottom of the file. Did you not apply the changes? This code is still the previous one.

Jun 16 2017, 4:15 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick closed T599: bindp libindp.so C code fixes as Resolved.

Merged into master.

Jun 16 2017, 3:41 PM · bindp, security, Whonix 14, Whonix, C Code

Jun 15 2017

JasonJAyalaP closed T650: review 30 lines of sclockadj inline C code as Resolved.
Jun 15 2017, 8:42 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 14 2017

Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

Please create a new ticket for porting to some better C function.

Jun 14 2017, 10:18 AM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

adjtimex, as far as I can tell, is for tuning the clock to stay accurate. It's not directly for setting a new time. I assume it's used by ntp to speed up and slow down the clock, with more code that checks on it and stops it when it reaches the right time. Reimplementing this is beyond my skill.

Jun 14 2017, 1:14 AM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 8 2017

JasonJAyalaP claimed T650: review 30 lines of sclockadj inline C code.
Jun 8 2017, 5:10 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

OK. It might strain my limited C knowledge, but I'll give it shot.

Jun 8 2017, 5:09 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 7 2017

marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

Looks like at least NTP and chrony use ntp_adjtime/adjtimex

Jun 7 2017, 11:30 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

Where is adjtime being used in existing time sync applications? NTP?
chrony? systemd-timesyncd?

Jun 7 2017, 11:22 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

Using adjtime would be a simple matter (of programming), but only has microsecond precision.

Jun 7 2017, 10:02 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

A popular existing linux tool.

Jun 7 2017, 9:25 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

Do we need precise control? The only requirement (other than working) is that it imitate an existing linux tool.

Jun 7 2017, 9:24 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 6 2017

marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

adjtimex/ntp_adjtime looks quite complex, but also allow precise control on how time should be adjusted. From those two, according to manual page ntp_adjtime is preferred.

Jun 6 2017, 10:42 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 5 2017

Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

It would avoid trashing logs with Time has been changed every single second, and possibly other side effects.

Jun 5 2017, 11:32 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

I've left you some minor comments here: https://github.com/JasonJAyalaP/sclockadj/commit/e9bf84e3a400f7a8ef01e5f00dcefc013d0a9efe

Jun 5 2017, 8:54 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

What about using adjtime() syscall instead of all this? It would avoid trashing logs with Time has been changed every single second, and possibly other side effects.

Jun 5 2017, 8:44 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
JasonJAyalaP assigned T650: review 30 lines of sclockadj inline C code to marmarek.
Jun 5 2017, 6:42 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 3 2017

JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

@marmarek Would you be willing to review the C? It's under 75 total lines.

Jun 3 2017, 6:00 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Jun 2 2017

JasonJAyalaP added a comment to T650: review 30 lines of sclockadj inline C code.

I've rewritten the whole thing in C. It was a simple matter since we no longer need the random interval algorithm. Patrick prefers that it imitates ntpd instead of trying to hide.

Jun 2 2017, 10:43 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Mar 26 2017

Patrick reopened T599: bindp libindp.so C code fixes as "Open".
Mar 26 2017, 11:53 AM · bindp, security, Whonix 14, Whonix, C Code
Patrick closed T599: bindp libindp.so C code fixes as Resolved.
Mar 26 2017, 10:56 AM · bindp, security, Whonix 14, Whonix, C Code

Mar 17 2017

Patrick added a project to T650: review 30 lines of sclockadj inline C code: Whonix 14.
Mar 17 2017, 12:49 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick updated subscribers of T650: review 30 lines of sclockadj inline C code.
Mar 17 2017, 12:48 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

Yes, sclockadj runs as root. Usually sclockadj is functional.

Mar 17 2017, 12:48 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Mar 16 2017

s.sh added a comment to T650: review 30 lines of sclockadj inline C code.

the clock_gettime and clock_settime functions are passing zero as their first parameters and that means CLOCK_REALTIME. Firstly the process needs root privilege to touch real time clock, secondly you need to somehow run it by strace like:

Mar 16 2017, 6:37 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

TZ is unset since it's started as a systemd unit file.

Mar 16 2017, 6:31 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
s.sh added a comment to T650: review 30 lines of sclockadj inline C code.

The C code itself doesn't have any CPU intensive instruction, if the problem is really what is written as inline C, I suspect the issue is either with

clock_gettime(0, &tps)

or

Mar 16 2017, 5:29 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

Can't find what debian package ship debug symbols, there is no -dbg package there: https://packages.debian.org/source/stretch/ruby2.3

Mar 16 2017, 3:52 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

Ah, it's ruby... So, python-dbg is irrelevant, but trying gdb may still be a good idea.

Mar 16 2017, 3:51 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick added a comment to T650: review 30 lines of sclockadj inline C code.

Thanks for having a look!

Mar 16 2017, 3:41 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
marmarek added a comment to T650: review 30 lines of sclockadj inline C code.

I don't see any loop there and only very simple function calls, so I don't see how that would trigger such bug...

Mar 16 2017, 3:35 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
Patrick created T650: review 30 lines of sclockadj inline C code.
Mar 16 2017, 2:50 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code

Mar 10 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

Do you see any things a malicious application could to gain arbitrary code execution through bindp?

Mar 10 2017, 10:55 AM · bindp, security, Whonix 14, Whonix, C Code

Mar 9 2017

Patrick added a comment to T599: bindp libindp.so C code fixes.

Notified upstream. Let's see if he replies.

Mar 9 2017, 6:35 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Functionally speaking, as I tested, it works great in Whonix. Pretty much done.

Mar 9 2017, 6:19 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Do you have anything else from this project remained that needs extra working on ?

Mar 9 2017, 4:49 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Works for me!

Mar 9 2017, 4:40 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Updated: http://pastebin.com/9XcTZwVG

Mar 9 2017, 3:58 PM · bindp, security, Whonix 14, Whonix, C Code

Mar 8 2017

Patrick added a comment to T599: bindp libindp.so C code fixes.
Onionshare 0.9.1 | https://onionshare.org/
[-] LIB received AF_INET bind request
[-] Changing 127.0.0.1 to 10.137.11.80
[-] AF_INET: Leaving port unchanged
[!] connect(): AF_INET connect() call
[-] LIB received AF_INET bind request
[-] Changing 127.0.0.1 to 10.137.11.80
[-] AF_INET: Leaving port unchanged
[!] connect(): AF_INET connect() call
[-] LIB received AF_INET bind request
[-] Changing 127.0.0.1 to 10.137.11.80
[-] AF_INET: Leaving port unchanged
[!] connect(): AF_INET connect() call
[-] LIB received AF_INET bind request
[-] Changing 127.0.0.1 to 10.137.11.80
[-] AF_INET: Leaving port unchanged
Can't connect to Tor control port on port [9151, 9153, 9051]. OnionShare requires Tor Browser to be running in the background to work. If you don't have it you can get it from https://www.torproject.org/.
Mar 8 2017, 10:40 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick I need more debug info, I suspect the connect function is causing trouble.
Please use this and send the output again: http://pastebin.com/BZqTRBTc

Mar 8 2017, 10:05 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Added that. And added some intent style changes. Please tell me if my C intent style is actually making things non-standard / worse than before.

Mar 8 2017, 9:48 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick
Code fixed. Please check and use this: http://pastebin.com/GvDpuC0f

Mar 8 2017, 7:37 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.
In T599#12621, @Patrick wrote:

Why did you add #ifdef SO_REUSEPORT?

Mar 8 2017, 6:27 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Why did you add #ifdef SO_REUSEPORT?

Mar 8 2017, 2:54 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

Well the segfault error is strange here, I must run it locally with your setup to check and debug which is not possible for now, but it's good you made it work finally. Good job Patrick. Still I think PIE related options are not needed for libraries.
I will modify the code by tonight and send the new revisions.

Mar 8 2017, 6:22 AM · bindp, security, Whonix 14, Whonix, C Code

Mar 7 2017

Patrick added a comment to T599: bindp libindp.so C code fixes.

It's functional! Successfully changes the listener IP.

Mar 7 2017, 10:00 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Did that.

Mar 7 2017, 9:58 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

no segfault:

Mar 7 2017, 9:51 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

That's great! Thank you for your help! Just now tested. Unfortunately it does not work.

Mar 7 2017, 9:35 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Nice, now regular testing needs to be done from your side, please keep in mind that connect function has to change as well, but before that I must assure that current bind() works properly and as expected. If everything goes well I will write whole code from scratch for you by modifying init and connect functions.

Mar 7 2017, 7:14 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Did that.

Mar 7 2017, 3:55 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Add

Mar 7 2017, 1:18 PM · bindp, security, Whonix 14, Whonix, C Code

Mar 6 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

What does DSO mean?

Mar 6 2017, 8:48 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

Can we have all hardening with PIE enabled as well as without ld warning?

Mar 6 2017, 8:36 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.
In T599#12601, @s.sh wrote:

But these warnings are not related to my revisions, they probably existed in original code.

Mar 6 2017, 8:27 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick You can compile without -fPIE (I think -fPIC is enough):

Mar 6 2017, 8:03 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.
In T599#12599, @s.sh wrote:

@Patrick Add

#include <arpa/inet.h>

at the beginning of the file.

Mar 6 2017, 7:46 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Add

#include <arpa/inet.h>
Mar 6 2017, 7:41 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

Do you know how to fix these compiler warning?

Mar 6 2017, 7:38 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

one more stylistic fix:

Mar 6 2017, 7:24 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick The reason that I inserted curly braces is that the first line after "case AF_INET:" is not syntactically a statement, to work around this you may use a dummy sentence or use braces like what I did. The break keyword can be inside that block; there is no difference.

Mar 6 2017, 6:56 PM · bindp, security, Whonix 14, Whonix, C Code
Patrick added a comment to T599: bindp libindp.so C code fixes.

I created a branch address-family-check to ease review.

Mar 6 2017, 6:48 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@marmarek I changed bind function and uploaded the code at: http://pastebin.com/dZb4yedz

Mar 6 2017, 6:16 PM · bindp, security, Whonix 14, Whonix, C Code

Mar 5 2017

marmarek added a comment to T599: bindp libindp.so C code fixes.
@marmarek If the problem is only with applications listening on both AF_INET and AF_UNIX,
Mar 5 2017, 9:34 PM · bindp, security, Whonix 14, Whonix, C Code
s.sh added a comment to T599: bindp libindp.so C code fixes.

@marmarek If the problem is only with applications listening on both AF_INET and AF_UNIX, I think the solution should be easy, we can change the bind function in a way that it only changes local address of the sockaddr_storage while the protocol family is AF_INET. For AF_UNIX address family there doesn't seem to be any need to change the address (the pathname of the socket). By applying these changes will the problem get solved? If yes, I will rewrite the bind function for you to test.

Mar 5 2017, 9:26 PM · bindp, security, Whonix 14, Whonix, C Code

Feb 23 2017

marmarek added a comment to T599: bindp libindp.so C code fixes.

The problem is not in connect function, but in bind. It assume AF_INET family, casting sk pointer to struct sockaddr_in. But if socket family is something different, the structure also may be different (for example struct sockaddr_un for AF_UNIX). In practice, besides misusing this library, the problem only applies to applications listening on both locak (AF_UNIX) and network (AF_INET) sockets. Because you don't use this library for AF_UNIX-only applications.

Feb 23 2017, 1:03 AM · bindp, security, Whonix 14, Whonix, C Code