SheepShaver blacklisted by Google's Santa

About SheepShaver, a PPC Mac emulator for Windows, MacOS X, and Linux that can run System 7.5.3 to MacOS 9.0.4.

Moderators: Cat_7, Ronald P. Regensburg, ClockWise

Post Reply
Scratchy
Space Cadet
Posts: 2
Joined: Tue Aug 15, 2017 5:17 am

SheepShaver blacklisted by Google's Santa

Post by Scratchy »

Anyone know why SheepShaver is blacklisted by Santa, or how to fix it?


% santactl fileinfo /Applications/SheepShaver_UB_20140201/SheepShaver.app
Calculating 1/12017-08-15 00:07:44.315 santactl[2336:158690] error opening!: 14
Path : /Applications/SheepShaver_UB_20140201/SheepShaver.app/Contents/MacOS/SheepShaver
SHA-256 : 59c363d93474d0351408c7b8c91da4c67d7b3c6c14c4ad8f24ddb4d4ac6f4ad7
SHA-1 : 2610bba7da4dfdfc9b54471a03a20a3717df1c13
Bundle Version : 2.4
Bundle Version Str : 2.4.20140201
Type : Executable (ppc, x86-64, i386)
Page Zero : __PAGEZERO segment missing/bad!
Code-signed : No
Rule : Blacklisted (Scope)
User avatar
Ronald P. Regensburg
Expert User
Posts: 7821
Joined: Thu Feb 09, 2006 10:24 pm
Location: Amsterdam, Netherlands

Re: SheepShaver blacklisted by Google's Santa

Post by Ronald P. Regensburg »

I am not familiar with Santa and I do not know what kind of rules it uses.

SheepShaver does things in memory that it should not. It sometimes results in the SheepShaver application crashing, though, af far as I am aware, without harm to other processes.
"Page Zero : __PAGEZERO segment missing/bad!" refers to that issue. This could very well be the reason for Santa to blacklist SheepShaver.
User avatar
rickyzhang
Apple Corer
Posts: 205
Joined: Mon Sep 15, 2014 7:59 pm

Re: SheepShaver blacklisted by Google's Santa

Post by rickyzhang »

Sheepshaver or BII direct addressing use page zero. This is a known security vulnerability if C programmer reference to pointer NULL.

For example, if a C pointer points to an object has been deallocate or fail to allocate memory, it may point to NULL. If programmer didn't check and accidentally reference to it, you may trigger it to run the code you place in page zero. In some case, you can make your shell code runs in kernel mode.

See details in https://blogs.oracle.com/ksplice/much-a ... ereference
There is an App for that!
https://github.com/rickyzhang82
Scratchy
Space Cadet
Posts: 2
Joined: Tue Aug 15, 2017 5:17 am

Re: SheepShaver blacklisted by Google's Santa

Post by Scratchy »

Thanks. That makes sense. It'd be pretty hard to emulate old Macs without page zero!

If this issue pops up for other users, here's how to whitelist it:
sudo santactl rule --whitelist --path /path/to/SheepShaver.app
User avatar
adespoton
Forum All-Star
Posts: 4208
Joined: Fri Nov 27, 2009 5:11 am
Location: Emaculation.com
Contact:

Re: SheepShaver blacklisted by Google's Santa

Post by adespoton »

Also worth noting that this is why running SheepShaver as root (via sudo) is a bad idea -- an outside attacker can gain complete control of your system with relative ease if they know you're running SheepShaver. This means the old Tun/Tap wiki howto is inherently very insecure. Using the bridge interface instead of running as root is significantly more secure.
Post Reply