Date:      Thu, 8 Apr 2010 18:03:49 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Patrick Mahan <mahan@mahan.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Modifying ELF files
Message-ID:  <20100408150349.GA2929@straylight.ringlet.net>
In-Reply-To: <4BBDE58A.9050502@mahan.org>
References:  <4BBDE58A.9050502@mahan.org>

On Thu, Apr 08, 2010 at 07:17:46AM -0700, Patrick Mahan wrote:
>
> In my job, we are producing applications and KLM's for our product
> that require them to be signed so that our installer will recognize
> and validate our images.
>
> The signature is stored in each app as
>
> unsigned char signature[40] __attribute__((section(".compsign")));
>
> What I need to do is open the file for writing, locate the ".compsign"
> section and stuff in the signature, write it out and close the file.
> (simple ELF manipulation)
>
> An 'ls -l' shows the following:
>
> % ls compklm.ko
> -rw-r--r--  1 pmahan  pmahan  125296 Apr  6 22:50 /home/pmahan/temp/compklm.ko
>
> When I try to run my program
> ./signfile --signature=A203239897C8EB360D1EB2C84E8E77B16E5B7C9A compklm.ko
> open: Text file busy
>
> Googling and looking at the kernel sources, it seems that it detects
> this file contains 'shared text', that is, it is an executable file
> and does not allow me to open it for writing.
>
> I understand (from my google search) this is a means to keep you from
> shooting yourself in the foot.  But there has got to be a way and I
> really don't want to grovel through the compiler code to find it.  I
> looked at using libelf.so but it also requires that the file be open
> for writing.  So I am kind of stuck.  If I cannot find a quick solution
> we might need to do all of our signing on our FC11 box which does not
> have this issue.

It's not the compiler code you want to find it in, but the install(1)
program that is used to, well, install files into e.g. /bin, /usr/bin,
etc.  What it does is create a temporary file in the directory where
it wants to place the final file, write into the temporary file, and
then, when the file is complete and only when it is complete, it
does a rename(2) syscall, moving the temporary file "over" the real
one.  If a program (or the kernel) is using the old version of
the real file, its inode and its data blocks are still present on
the disk and they are only deleted when the last consumer closes
the file (or rather, the file descriptor it's holding on that inode).
This also guarantees that anyone who tries to open the file will
only open it "when it's ready", and will not try to execute
a partially-written-out executable or something.

So, what you need to do if you want to modify a file is create
a new one in the same directory (well, it's really "on the same
filesystem", but the most portable way to ensure that is to
use the same directory - unless you require the user to
specify a temporary directory you can use on the same filesystem).
Then, read the original file, write into the new one, and when
you're ready, do a rename(tempfile, realfile).

Hope that helps.

G'luck,
Peter

-- 
Peter Pentchev	roam@space.bg    roam@ringlet.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
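
The copy-then-rename(2) approach described in the reply, as an added C example that is not from the original message or from install(1): it copies the file to a temporary name beside it, writes the signature bytes into the copy, and renames the copy over the original. The function name `patch_via_rename` and the caller-supplied file offset of the `.compsign` section data are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: put `len` bytes of `sig` at byte `off` of `path`
 * without ever opening `path` for writing. Returns 0 on success, -1 on error.
 * `off` is assumed to be the file offset of the .compsign section data. */
int patch_via_rename(const char *path, off_t off, const void *sig, size_t len)
{
    char tmp[PATH_MAX], buf[65536];
    struct stat st;
    ssize_t n = -1;
    int in, out = -1, ok = 0;

    /* Temp name beside the target, so rename(2) stays on one filesystem. */
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp)
        return -1;
    if ((in = open(path, O_RDONLY)) < 0)
        return -1;
    /* Refuse a patch that would fall outside the existing file. */
    if (fstat(in, &st) == 0 && off >= 0 && off + (off_t)len <= st.st_size &&
        (out = mkstemp(tmp)) >= 0) {
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; }
        ok = n == 0 &&
             pwrite(out, sig, len, off) == (ssize_t)len && /* patch the copy */
             fchmod(out, st.st_mode & 07777) == 0 &&  /* mkstemp made it 0600 */
             fsync(out) == 0;           /* added precaution: flush before rename */
    }
    close(in);
    if (out >= 0) {
        ok = (close(out) == 0) && ok;
        /* Atomic switch: openers get the old file or the new one, never a mix. */
        if (ok && rename(tmp, path) == 0)
            return 0;
        unlink(tmp); /* on failure the original is left untouched */
    }
    return -1;
}
```

Ownership and file flags are not copied here; a signing tool that runs as a different user than the file's owner would need to handle them before the rename.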
