Whole-known-network
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> I never tried using it, but I think the closest you can get on Linux is to digitally sign the ELF file and use the IMA subsystem. <a href="https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture#Using_digital_signatures_for_immutable_files" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">wiki.gentoo.org/wiki/Integrity</span><span class="invisible">_Measurement_Architecture#Using_digital_signatures_for_immutable_files</span></a><br />If you are already running then verifying yourself is more tricky because someone could've LD_PRELOADed something and intercepted any PLT entries, so you'd have to implement any verification without using PIC code/PLT entries and without using the libc (raw syscalls?). But even that might've been intercepted by the application itself, e.g. the same LD_PRELOAD could ptrace itself and fool you into passing the verification by showing you something else than the actually running app. I think the only way to prevent tampering / malicious code is to check it before it got a chance of executing.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> AFAIK you still have to deal with /proc/self/maps or /proc/self/exe. The former is obviously subject to name shadowing and the like. It's rarely viewed as suspicious, but unfortunately still "touching the file system".</p>
<p>Consider I have a program that I can execute -- let's say an ELF executable. Are there any neat tricks to compute its hash (of the ELF binary) from the inside the running binary? Oh, this is without touching the file system (trying to get the binary that is currently being executed).</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@gamingonlinux" class="u-url mention">@<span>gamingonlinux</span></a></span> great games, already have three of the for of them. Want to check out the last one now...</p>
<p>Fedora Asahi Remix 41 brings AAA gaming to Apple Silicon with Linux <a href="https://www.gamingonlinux.com/2024/12/fedora-asahi-remix-41-brings-aaa-gaming-to-apple-silicon-with-linux/" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">gamingonlinux.com/2024/12/fedo</span><span class="invisible">ra-asahi-remix-41-brings-aaa-gaming-to-apple-silicon-with-linux/</span></a></p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="tag">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Apple" class="mention hashtag" rel="tag">#<span>Apple</span></a> <a href="https://mastodon.social/tags/LinuxGaming" class="mention hashtag" rel="tag">#<span>LinuxGaming</span></a></p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@regehr" class="u-url mention">@<span>regehr</span></a></span> 'simply search the entire solution space' keeps winning</p>
No, it's not called "looking at the circuit board", it's called "manual optical inspection".
<p><span class="h-card" translate="no"><a href="https://not.acu.lt/@ignaloidas" class="u-url mention">@<span>ignaloidas</span></a></span> it was the default in yosys-smtbmc</p>
@whitequark@mastodon.social any reason for yices2 as a SMT solver of choice?
