Login  •  Register


The time is now: Sat Sep 23, 2017 11:41 pm

Emaculation wiki  •  Delete all board cookies



Post new topic  Reply to topic Page 1 of 1 [ 5 posts ]
Print view Previous topic  |  Next topic
Author Message
PostPosted: Tue Aug 15, 2017 7:52 am 
Offline
Space Cadet

Joined: Tue Aug 15, 2017 5:17 am
Posts: 2
Anyone know why SheepShaver is blacklisted by Santa, or how to fix it?


% santactl fileinfo /Applications/SheepShaver_UB_20140201/SheepShaver.app
Calculating 1/12017-08-15 00:07:44.315 santactl[2336:158690] error opening!: 14
Path : /Applications/SheepShaver_UB_20140201/SheepShaver.app/Contents/MacOS/SheepShaver
SHA-256 : 59c363d93474d0351408c7b8c91da4c67d7b3c6c14c4ad8f24ddb4d4ac6f4ad7
SHA-1 : 2610bba7da4dfdfc9b54471a03a20a3717df1c13
Bundle Version : 2.4
Bundle Version Str : 2.4.20140201
Type : Executable (ppc, x86-64, i386)
Page Zero : __PAGEZERO segment missing/bad!
Code-signed : No
Rule : Blacklisted (Scope)


Top
 Profile  
Reply with quote Post a reply  
PostPosted: Tue Aug 15, 2017 10:29 am 
Offline
Expert User
User avatar

Joined: Thu Feb 09, 2006 10:24 pm
Posts: 4800
Location: Amsterdam, Netherlands
I am not familiar with Santa and I do not know what kind of rules it uses.

SheepShaver does things in memory that it should not. It sometimes results in the SheepShaver application crashing, though, af far as I am aware, without harm to other processes.
"Page Zero : __PAGEZERO segment missing/bad!" refers to that issue. This could very well be the reason for Santa to blacklist SheepShaver.


Top
 Profile  
Reply with quote Post a reply  
PostPosted: Tue Aug 15, 2017 1:17 pm 
Offline
Granny Smith
User avatar

Joined: Mon Sep 15, 2014 7:59 pm
Posts: 124
Sheepshaver or BII direct addressing use page zero. This is a known security vulnerability if C programmer reference to pointer NULL.

For example, if a C pointer points to an object has been deallocate or fail to allocate memory, it may point to NULL. If programmer didn't check and accidentally reference to it, you may trigger it to run the code you place in page zero. In some case, you can make your shell code runs in kernel mode.

See details in https://blogs.oracle.com/ksplice/much-a ... ereference

_________________
There is an App for that!
https://github.com/rickyzhang82


Top
 Profile  
Reply with quote Post a reply  
PostPosted: Tue Aug 15, 2017 4:09 pm 
Offline
Space Cadet

Joined: Tue Aug 15, 2017 5:17 am
Posts: 2
Thanks. That makes sense. It'd be pretty hard to emulate old Macs without page zero!

If this issue pops up for other users, here's how to whitelist it:
sudo santactl rule --whitelist --path /path/to/SheepShaver.app


Top
 Profile  
Reply with quote Post a reply  
PostPosted: Tue Aug 15, 2017 5:35 pm 
Offline
Forum All-Star
User avatar

Joined: Fri Nov 27, 2009 5:11 am
Posts: 1756
Also worth noting that this is why running SheepShaver as root (via sudo) is a bad idea -- an outside attacker can gain complete control of your system with relative ease if they know you're running SheepShaver. This means the old Tun/Tap wiki howto is inherently very insecure. Using the bridge interface instead of running as root is significantly more secure.


Top
 Profile  
Reply with quote Post a reply  
Display posts from previous:  Sort by  
Post new topic  Reply to topic Page 1 of 1 [ 5 posts ]


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
 

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group