Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 08 Apr 2010 10:22:26 -0700
From:      Patrick Mahan <mahan@mahan.org>
To:        Nate Eldredge <nate@thatsmathematics.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Modifying ELF files
Message-ID:  <201004081726.o38HQp8O084761@ns.mahan.org>
In-Reply-To: <Pine.GSO.4.64.1004080806540.5432@zeno.ucsd.edu>
References:  <4BBDE58A.9050502@mahan.org> <Pine.GSO.4.64.1004080806540.5432@zeno.ucsd.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 8 Apr 2010, Patrick Mahan wrote:
> 
> >
> > In my job, we are producing applications and KLM's for our product
> > that require them to be signed so that our installer will recognize
> > and validate our images.
> >
> > The signature is stored in each app as
> >
> > unsigned char signature[40] __attribute__((section(".compsign")));
> >
> > What I need to do is open the file for writing, locate the ".compsign"
> > section and stuff in the signature, write it out and close the file.
> > (simple ELF manipulation)
> >
> > An 'ls -l' shows the following:
> >
> > % ls compklm.ko
> > -rw-r--r--  1 pmahan  pmahan  125296 Apr  6 22:50 
> > /home/pmahan/temp/compklm.ko
> >
> > When I try to run my program
> > ./signfile --signature=A203239897C8EB360D1EB2C84E8E77B16E5B7C9A compklm.ko
> > open: Text file busy
> >
> > Googling and looking at the kernel sources, it seems that it detects
> > this file contains 'shared text', that is, it is an executable file
> > and does not allow me to open it for writing.
> 
> My understanding was that ETXTBSY occurs when you attempt to open for 
> writing a file which is actually being executed, i.e. is mapped into some 
> process.  I'm not aware that open(2) actually looks at the file itself to 
> see if it is an executable; that would be very surprising to me.
> 
> What does "fstat -m compklm.ko" say?
>

% fstat -m compklm.ko
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
% 
 
> What happens if you "cp compklm.ko foo.ko" and try to sign foo.ko?  You 
> should then be able to do "mv foo.ko compklm.ko"; if compklm.ko is 
> in fact mapped into some process, it will continue to use the original 
> version, which will be kept around (invisibly) until all mappings go away. 
> This is what compilers, install(8), etc, normally do.
> 
> Does your signfile program do anything with the target file before 
> open(..., O_RDWR)?
>

I've just found my problem.  We have a wrapper program that basically handles
parsing command line options and is suppose to adjust the argv[] array so
that it only contains the remaining non-option targets starting at index zero.
So I am doing 'open(argv[0], O_RDWR, 0)' expecting it to be the .ko file.
Turns out it was not operating as described (whipping post to be erected later);
so argv[0] actually pointed at the operating program, not the first target past
the cmd line options. *-)

Mystery solved.

Thanks,

Patrick 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004081726.o38HQp8O084761>