<p><span class="h-card" translate="no"><a href="https://wandering.shop/@xgranade" class="u-url mention">@<span>xgranade</span></a></span> i do this</p>
<p>"I have a friend who..."<br />Boring, been done for years, often prefix to something bigoted.</p><p>"I know someone who..."<br />Coward's choice. But at least it has some mystery to it.</p><p>"I have an enemy who..."<br />Power move that tells people you know who your enemies are, you have their numbers (and possibly their numbers), and you know how to embarrass them at parties by sharing their worst hot takes. S-tier shit.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@gamingonlinux" class="u-url mention">@<span>gamingonlinux</span></a></span> finally, I have a good reason to update asahi since it came out :pika:</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@gamingonlinux" class="u-url mention">@<span>gamingonlinux</span></a></span> welp, see ya round :/</p>
<p>Okay what the FUCK I made a phone call and my phone lock screen/desktop image abruptly changed, and not only is the new desktop image incredibly cool and abstract looking, it actively looks as if I dropped the phone and the screen got fucked up. I have literally no idea what this image is or where it came from</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> On Linux, I would consider what ebpf could do for me.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> I never tried using it, but I think the closest you can get on Linux is to digitally sign the ELF file and use the IMA subsystem. <a href="https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture#Using_digital_signatures_for_immutable_files" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">wiki.gentoo.org/wiki/Integrity</span><span class="invisible">_Measurement_Architecture#Using_digital_signatures_for_immutable_files</span></a><br />If you are already running then verifying yourself is more tricky because someone could've LD_PRELOADed something and intercepted any PLT entries, so you'd have to implement any verification without using PIC code/PLT entries and without using the libc (raw syscalls?). But even that might've been intercepted by the application itself, e.g. the same LD_PRELOAD could ptrace itself and fool you into passing the verification by showing you something else than the actually running app. I think the only way to prevent tampering / malicious code is to check it before it got a chance of executing.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@hannesm" class="u-url mention">@<span>hannesm</span></a></span> AFAIK you still have to deal with /proc/self/maps or /proc/self/exe. The former is obviously subject to name shadowing and the like. It's rarely viewed as suspicious, but unfortunately still "touching the file system".</p>
<p>Consider I have a program that I can execute -- let's say an ELF executable. Are there any neat tricks to compute its hash (of the ELF binary) from inside the running binary? Oh, this is without touching the file system (trying to get the binary that is currently being executed).</p>