
s.sh (ssh)
User

Projects

User does not belong to any projects.

User Details

User Since
Feb 22 2017, 9:40 AM (125 w, 1 d)

Recent Activity

Jul 3 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

A miracle has happened. All of https://github.com/yongboy/bindp/pull/6 was merged by upstream.

Very well. So finally they applied our patch.

Jul 3 2017, 8:55 PM · bindp, security, Whonix 14, C Code, Whonix

Jun 16 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

What about...?

Jun 16 2017, 8:21 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.
In T599#13705, @Patrick wrote:

Now pushed.

Jun 16 2017, 7:47 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick In the master branch the only difference in comparison to the original version that I can see is the main function at the bottom of the file. Did you not apply the changes? This code is still the previous one.

Jun 16 2017, 6:15 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T691: sdwdate sclockadj change time without spamming logs.

Is there a way to use functions like clock_settime without reporting to the log?

Jun 16 2017, 4:07 PM · systemd, research, sclockadj, sdwdate, Whonix

Mar 16 2017

s.sh added a comment to T650: review 30 lines of sclockadj inline C code.

The clock_gettime and clock_settime functions are passing zero as their first parameter, and that means CLOCK_REALTIME. Firstly, the process needs root privilege to touch the real-time clock; secondly, you need to somehow run it under strace like:

Mar 16 2017, 7:37 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
s.sh added a comment to T650: review 30 lines of sclockadj inline C code.

The C code itself doesn't have any CPU-intensive instructions; if the problem is really what is written as inline C, I suspect the issue is either with

clock_gettime(0, &tps)

or

Mar 16 2017, 6:29 PM · Whonix 14, Whonix, sclockadj, sdwdate, C Code
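As an added illustration of the two comments above on the sclockadj inline C (this is not the snippet under review in T650, which is not reproduced on this page), the following shows the two calls the comments refer to, clock_gettime(0, ...) and clock_settime(0, ...) with the 0 spelled out as CLOCK_REALTIME, the timespec carry arithmetic a small clock adjustment needs, and the EPERM an unprivileged process gets from clock_settime. The helper names and the 1 microsecond step in main() are this example's own choices.

```c
/* Added example for the sclockadj discussion; not the inline C reviewed
 * in T650. Helper names and the step size are assumptions of this example. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Add a signed nanosecond delta to t, keeping tv_nsec in [0, 1e9).
 * A negative delta that underflows tv_nsec must borrow from tv_sec;
 * C's truncating division makes that the easy part to get wrong. */
struct timespec ts_add_ns(struct timespec t, long long delta_ns)
{
    long long nsec = (long long)t.tv_nsec + delta_ns;
    long long carry = nsec / 1000000000LL;
    nsec %= 1000000000LL;
    if (nsec < 0) {            /* truncation toward zero left a negative remainder */
        nsec += 1000000000LL;
        carry -= 1;
    }
    t.tv_sec += (time_t)carry;
    t.tv_nsec = (long)nsec;
    return t;
}

/* Read CLOCK_REALTIME, add delta_ns and write it back. Returns 0 on
 * success or the errno of the failing call. clock_settime(CLOCK_REALTIME)
 * requires CAP_SYS_TIME (root, in practice), so an unprivileged process
 * gets EPERM here: the "needs root privilege" point from the thread. */
int realtime_step_ns(long long delta_ns)
{
    struct timespec now;
    if (clock_gettime(CLOCK_REALTIME, &now) != 0)   /* clock_gettime(0, ...) */
        return errno;
    struct timespec target = ts_add_ns(now, delta_ns);
    if (clock_settime(CLOCK_REALTIME, &target) != 0) /* clock_settime(0, ...) */
        return errno;
    return 0;
}

int main(void)
{
    /* Step the clock forward by 1 microsecond (1000 ns). Run this as root
     * only if you actually want the system clock moved. */
    int err = realtime_step_ns(1000);
    printf("clock_settime(CLOCK_REALTIME): %s\n", err ? strerror(err) : "ok");
    return err == 0 ? 0 : 1;
}
```

To watch the calls the way the comment above suggests, run the binary under `strace -e trace=clock_gettime,clock_settime ./a.out`. One caveat: on most glibc builds clock_gettime is served by the vDSO and never enters the kernel, so it does not show up in strace at all, whereas clock_settime is always a real syscall and is where the EPERM appears.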

Mar 10 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

Do you see anything a malicious application could do to gain arbitrary code execution through bindp?

Mar 10 2017, 11:55 AM · bindp, security, Whonix 14, C Code, Whonix

Mar 9 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Do you have anything else remaining from this project that needs extra work?

Mar 9 2017, 5:49 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Updated: http://pastebin.com/9XcTZwVG

Mar 9 2017, 4:58 PM · bindp, security, Whonix 14, C Code, Whonix

Mar 8 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick I need more debug info, I suspect the connect function is causing trouble.
Please use this and send the output again: http://pastebin.com/BZqTRBTc

Mar 8 2017, 11:05 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick
Code fixed. Please check and use this: http://pastebin.com/GvDpuC0f

Mar 8 2017, 8:37 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.
In T599#12621, @Patrick wrote:

Why did you add #ifdef SO_REUSEPORT?

Mar 8 2017, 7:27 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

Well, the segfault error is strange here; I must run it locally with your setup to check and debug, which is not possible for now, but it's good you finally made it work. Good job, Patrick. Still, I think PIE-related options are not needed for libraries.
I will modify the code by tonight and send the new revisions.

Mar 8 2017, 7:22 AM · bindp, security, Whonix 14, C Code, Whonix

Mar 7 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Nice, now regular testing needs to be done from your side. Please keep in mind that the connect function has to change as well, but before that I must make sure that the current bind() works properly and as expected. If everything goes well I will write the whole code from scratch for you by modifying the init and connect functions.

Mar 7 2017, 8:14 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Add

Mar 7 2017, 2:18 PM · bindp, security, Whonix 14, C Code, Whonix

Mar 6 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

What does DSO mean?

Mar 6 2017, 9:48 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

Can we have all hardening with PIE enabled as well as without ld warning?

Mar 6 2017, 9:36 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick You can compile without -fPIE (I think -fPIC is enough):

Mar 6 2017, 9:03 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick Add

#include <arpa/inet.h>
Mar 6 2017, 8:41 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@Patrick The reason I inserted curly braces is that the first line after "case AF_INET:" is not syntactically a statement; to work around this you may use a dummy statement or use braces like I did. The break keyword can be inside that block; there is no difference.

Mar 6 2017, 7:56 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

@marmarek I changed bind function and uploaded the code at: http://pastebin.com/dZb4yedz

Mar 6 2017, 7:16 PM · bindp, security, Whonix 14, C Code, Whonix

Mar 5 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

@marmarek If the problem is only with applications listening on both AF_INET and AF_UNIX, I think the solution should be easy: we can change the bind function so that it only changes the local address in the sockaddr_storage when the protocol family is AF_INET. For the AF_UNIX address family there doesn't seem to be any need to change the address (the pathname of the socket). Will applying these changes solve the problem? If yes, I will rewrite the bind function for you to test.

Mar 5 2017, 10:26 PM · bindp, security, Whonix 14, C Code, Whonix

Feb 22 2017

s.sh added a comment to T599: bindp libindp.so C code fixes.

OK, but I still don't know exactly when the problem occurs. The only place where the protocol family is checked is at line 145. This is the whole scenario of the program:

Feb 22 2017, 3:06 PM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

What this code is doing is pretty clear, but I don't know for what reason someone should use it. It simply binds the socket to a specific local address instead of the address the programmer of the external command probably decided to use. This results in the incoming communication being received at that address instead of the default one. Note that this code only changes the LOCAL address, whether the external command is a client or a server. It only does an additional bind() call. I need to know how you used it when the problem occurred so that I can reproduce the problem and work on it.
I used protocol families other than AF_INET and didn't observe the problem you reported.

Feb 22 2017, 11:20 AM · bindp, security, Whonix 14, C Code, Whonix
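The bind() behaviour described in the Feb 22 comment above (an additional bind() that only changes the LOCAL address) together with the Mar 5 proposal (rewrite only for AF_INET, leave AF_UNIX and its socket pathname alone), as an added example. This is not the bindp code and nothing from the thread; it assumes an environment variable FORCE_BIND_ADDR for the forced IPv4 address and reaches the real bind through the raw Linux syscall rather than dlsym(RTLD_NEXT, "bind"). Both are choices made for this example, as are the helper names and the sample addresses.

```c
/* Added example for this thread, not the bindp library's own code.
 * An LD_PRELOAD hook on bind() that forces the local IPv4 address only
 * for AF_INET sockets; AF_UNIX (and any other family) is passed through
 * untouched, so a program listening on both keeps its socket path.
 * Assumptions: the forced address comes from the environment variable
 * FORCE_BIND_ADDR, and the real bind is reached via the raw syscall. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <unistd.h>

long syscall(long number, ...);   /* prototype in case a strict -std hid it */

/* Copy addr into out; if it is AF_INET, swap sin_addr for force_ip and keep
 * the port. Returns 1 if rewritten, 0 if passed through (AF_UNIX etc.),
 * -1 if force_ip is not a valid dotted-quad IPv4 address. */
int rewrite_local_addr(const struct sockaddr *addr, socklen_t len,
                       const char *force_ip,
                       struct sockaddr_storage *out, socklen_t *outlen)
{
    if (len > sizeof *out)
        len = sizeof *out;
    memset(out, 0, sizeof *out);
    memcpy(out, addr, len);
    *outlen = len;

    if (addr->sa_family != AF_INET || len < sizeof(struct sockaddr_in))
        return 0;                       /* not IPv4: leave the address alone */

    struct in_addr forced;
    if (inet_pton(AF_INET, force_ip, &forced) != 1)
        return -1;
    ((struct sockaddr_in *)out)->sin_addr = forced;   /* family and port kept */
    return 1;
}

/* The interposed symbol: with LD_PRELOAD this shadows libc's bind(). */
int bind(int fd, const struct sockaddr *addr, socklen_t len)
{
    const char *force_ip = getenv("FORCE_BIND_ADDR");
    struct sockaddr_storage ss;
    socklen_t sslen;
    if (force_ip && addr &&
        rewrite_local_addr(addr, len, force_ip, &ss, &sslen) == 1)
        return (int)syscall(SYS_bind, fd, (const struct sockaddr *)&ss, sslen);
    return (int)syscall(SYS_bind, fd, addr, len);   /* unchanged */
}

/* Constructed sample inputs (not from the thread) to exercise the policy
 * without opening sockets: 0.0.0.0:8080 forced to 127.0.0.1. */
static int demo_inet(struct sockaddr_storage *out, socklen_t *outlen)
{
    struct sockaddr_in in;
    memset(&in, 0, sizeof in);
    in.sin_family = AF_INET;
    in.sin_port = htons(8080);
    in.sin_addr.s_addr = htonl(INADDR_ANY);
    return rewrite_local_addr((struct sockaddr *)&in, sizeof in,
                              "127.0.0.1", out, outlen);
}

unsigned long demo_inet_rewritten_addr(void)   /* expect 0x7f000001 */
{
    struct sockaddr_storage ss; socklen_t l;
    if (demo_inet(&ss, &l) != 1) return 0;
    return ntohl(((struct sockaddr_in *)&ss)->sin_addr.s_addr);
}

unsigned demo_inet_port_kept(void)              /* expect 8080 */
{
    struct sockaddr_storage ss; socklen_t l;
    if (demo_inet(&ss, &l) != 1) return 0;
    return ntohs(((struct sockaddr_in *)&ss)->sin_port);
}

int demo_unix_passthrough(void)                 /* expect 1: path untouched */
{
    struct sockaddr_un un;
    memset(&un, 0, sizeof un);
    un.sun_family = AF_UNIX;
    snprintf(un.sun_path, sizeof un.sun_path, "%s", "/run/example.sock");
    struct sockaddr_storage ss; socklen_t l;
    int r = rewrite_local_addr((struct sockaddr *)&un, sizeof un,
                               "127.0.0.1", &ss, &l);
    return r == 0 && l == sizeof un &&
           strcmp(((struct sockaddr_un *)&ss)->sun_path, un.sun_path) == 0;
}

int demo_bad_ip_rejected(void)                  /* expect -1 */
{
    struct sockaddr_in in;
    memset(&in, 0, sizeof in);
    in.sin_family = AF_INET;
    struct sockaddr_storage ss; socklen_t l;
    return rewrite_local_addr((struct sockaddr *)&in, sizeof in,
                              "not-an-ip", &ss, &l);
}
```

Build it as a shared object with `gcc -fPIC -shared -O2 -o libforcebind.so forcebind.c` (for a library -fPIC is what matters; -fPIE is for executables, which is the point made later in the thread) and run the target with `FORCE_BIND_ADDR=127.0.0.1 LD_PRELOAD=./libforcebind.so ./program`. Going through the raw syscall means this hook also bypasses any other interposer layered under it; a dlsym(RTLD_NEXT, "bind") lookup would chain instead. AF_INET6 and the connect() side that the thread also mentions are deliberately not handled here.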
s.sh added a comment to T599: bindp libindp.so C code fixes.
Feb 22 2017, 11:06 AM · bindp, security, Whonix 14, C Code, Whonix
s.sh added a comment to T599: bindp libindp.so C code fixes.

Unfortunately the problem with this code has not been explained clearly enough. It says "The only issue I see is it replace address in all bind calls" but in the file 'https://github.com/Whonix/bindp/blob/master/bindp.c' there is no check for the address family in your bind function; instead the check is done in the connect function at line 145. Unless the packet which is sent to this connect function is corrupted, I don't see a reason for the condition (rsk_in->sin_family == AF_INET) to return a wrong result. A little more explanation about the problem would help solve it better.

Feb 22 2017, 9:41 AM · bindp, security, Whonix 14, C Code, Whonix