From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 8 15:14:01 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A86CB106568B for ; Thu, 8 Apr 2010 15:14:01 +0000 (UTC) (envelope-from nate@thatsmathematics.com) Received: from euclid.ucsd.edu (euclid.ucsd.edu [132.239.145.52]) by mx1.freebsd.org (Postfix) with ESMTP id 8C7668FC1C for ; Thu, 8 Apr 2010 15:14:01 +0000 (UTC) Received: from zeno.ucsd.edu (zeno.ucsd.edu [132.239.145.22]) by euclid.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id o38FE0Y27071; Thu, 8 Apr 2010 08:14:00 -0700 (PDT) Received: from localhost (neldredg@localhost) by zeno.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id o38FE0o15763; Thu, 8 Apr 2010 08:14:00 -0700 (PDT) X-Authentication-Warning: zeno.ucsd.edu: neldredg owned process doing -bs Date: Thu, 8 Apr 2010 08:14:00 -0700 (PDT) From: Nate Eldredge X-X-Sender: neldredg@zeno.ucsd.edu To: Patrick Mahan In-Reply-To: <4BBDE58A.9050502@mahan.org> Message-ID: References: <4BBDE58A.9050502@mahan.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-hackers@freebsd.org Subject: Re: Modifying ELF files X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Apr 2010 15:14:01 -0000 On Thu, 8 Apr 2010, Patrick Mahan wrote: > > In my job, we are producing applications and KLM's for our product > that require them to be signed so that our installer will recognize > and validate our images. > > The signature is stored in each app as > > unsigned char signature[40] __attribute__((section(".compsign"))); > > What I need to do is open the file for writing, locate the ".compsign" > section and stuff in the signature, write it out and close the file. > (simple ELF manipulation) > > An 'ls -l' shows the following: > > % ls compklm.ko > -rw-r--r-- 1 pmahan pmahan 125296 Apr 6 22:50 > /home/pmahan/temp/compklm.ko > > When I try to run my program > ./signfile --signature=A203239897C8EB360D1EB2C84E8E77B16E5B7C9A compklm.ko > open: Text file busy > > Googling and looking at the kernel sources, it seems that it detects > this file contains 'shared text', that is, it is an executable file > and does not allow me to open it for writing. My understanding was that ETXTBSY occurs when you attempt to open for writing a file which is actually being executed, i.e. is mapped into some process. I'm not aware that open(2) actually looks at the file itself to see if it is an executable; that would be very surprising to me. What does "fstat -m compklm.ko" say? What happens if you "cp compklm.ko foo.ko" and try to sign foo.ko? You should then be able to do "mv foo.ko compklm.ko"; if compklm.ko is in fact mapped into some process, it will continue to use the original version, which will be kept around (invisibly) until all mappings go away. This is what compilers, install(8), etc, normally do. Does your signfile program do anything with the target file before open(..., O_RDWR)? -- Nate Eldredge nate@thatsmathematics.com