Re: Three steps we could take to make supply chain attacks a bit harder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2024-04-01 23:59, Gordon Messmer wrote:
Now gdb can print the GOT with the paths providing the memory section containing a function.  For example, on a Debian 12 system with liblzma 5.6:
Purely as trivia, and as I haven't seen it discussed elsewhere, the malware steals a different set of symbols on Fedora, where RSA_public_decrypt doesn't seem to appear in the GOT at all.  On Fedora 40: 

gef➤  got RSA

GOT protection: Full RelRO | GOT functions: 503
[0x556ac0b94ff8] RSA_set0_key@OPENSSL_3.0.0  →  0x7f4e95dafce0 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b951c0] RSA_bits@OPENSSL_3.0.0  →  0x7f4e95daf0a0 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b951e0] EVP_PKEY_set1_RSA@OPENSSL_3.0.0  → 0x7f4e960e23b0 : /usr/lib64/liblzma.so.5.6.1 [0x556ac0b95310] RSA_set0_crt_params@OPENSSL_3.0.0  → 0x7f4e95dafea0 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b953c8] RSA_size@OPENSSL_3.0.0  →  0x7f4e95daf0b0 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95518] RSA_new@OPENSSL_3.0.0  →  0x7f4e95db3330 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95778] RSA_get0_crt_params@OPENSSL_3.0.0  → 0x7f4e95dae490 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95870] RSA_free@OPENSSL_3.0.0  →  0x7f4e95db2f00 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95b90] RSA_get0_key@OPENSSL_3.0.0  →  0x7f4e960e1ac0 : /usr/lib64/liblzma.so.5.6.1 [0x556ac0b95c00] RSA_get0_factors@OPENSSL_3.0.0  →  0x7f4e95dae470 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95c88] EVP_PKEY_get1_RSA@OPENSSL_3.0.0  → 0x7f4e95d59710 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95da0] RSA_get_ex_data@OPENSSL_3.0.0  →  0x7f4e95db3440 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95e50] RSA_set0_factors@OPENSSL_3.0.0  →  0x7f4e95dafdc0 : /usr/lib64/libcrypto.so.3.2.1 [0x556ac0b95f00] RSA_blinding_on@OPENSSL_3.0.0  →  0x7f4e95db17f0 : /usr/lib64/libcrypto.so.3.2.1 
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux