SheepShaver blacklisted by Google's Santa

Posted: Tue Aug 15, 2017 7:52 am
by Scratchy
Anyone know why SheepShaver is blacklisted by Santa, or how to fix it?


% santactl fileinfo /Applications/SheepShaver_UB_20140201/SheepShaver.app
Calculating 1/12017-08-15 00:07:44.315 santactl[2336:158690] error opening!: 14
Path : /Applications/SheepShaver_UB_20140201/SheepShaver.app/Contents/MacOS/SheepShaver
SHA-256 : 59c363d93474d0351408c7b8c91da4c67d7b3c6c14c4ad8f24ddb4d4ac6f4ad7
SHA-1 : 2610bba7da4dfdfc9b54471a03a20a3717df1c13
Bundle Version : 2.4
Bundle Version Str : 2.4.20140201
Type : Executable (ppc, x86-64, i386)
Page Zero : __PAGEZERO segment missing/bad!
Code-signed : No
Rule : Blacklisted (Scope)

Re: SheepShaver blacklisted by Google's Santa

Posted: Tue Aug 15, 2017 10:29 am
by Ronald P. Regensburg
I am not familiar with Santa and I do not know what kind of rules it uses.

SheepShaver does things in memory that it should not. It sometimes results in the SheepShaver application crashing, though, as far as I am aware, without harm to other processes.
"Page Zero : __PAGEZERO segment missing/bad!" refers to that issue. This could very well be the reason for Santa to blacklist SheepShaver.

Re: SheepShaver blacklisted by Google's Santa

Posted: Tue Aug 15, 2017 1:17 pm
by rickyzhang
SheepShaver or BII direct addressing uses page zero. This is a known security vulnerability if a C programmer references a NULL pointer.

For example, if a C pointer points to an object that has been deallocated, or memory allocation fails, it may point to NULL. If the programmer didn't check and accidentally references it, you may trigger it to run the code you place in page zero. In some cases, you can make your shell code run in kernel mode.

See details in https://blogs.oracle.com/ksplice/much-a ... ereference
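
As an added illustration (not part of the thread and not Santa's own code), the condition behind the "Page Zero" line in the santactl fileinfo output can be approximated by walking a Mach-O file's load commands and looking for a __PAGEZERO segment. The acceptance criteria (segment at address 0, non-zero size, no access permissions) and the function names are assumptions, and the sample images are constructed:

```python
import struct

LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
# On-disk magic bytes -> (struct byte order, is 64-bit)
THIN = {b"\xce\xfa\xed\xfe": ("<", False), b"\xcf\xfa\xed\xfe": ("<", True),
        b"\xfe\xed\xfa\xce": (">", False), b"\xfe\xed\xfa\xcf": (">", True)}

def has_valid_pagezero(image):
    """True if a thin Mach-O image maps an inaccessible __PAGEZERO at address 0."""
    order, is64 = THIN[image[:4]]
    ncmds = struct.unpack_from(order + "I", image, 16)[0]
    off = 32 if is64 else 28  # sizeof(mach_header_64) / sizeof(mach_header)
    seg_fmt = order + ("16sQQQQii" if is64 else "16sIIIIii")
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(order + "II", image, off)
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            name, vmaddr, vmsize, _, _, maxprot, initprot = struct.unpack_from(
                seg_fmt, image, off + 8)
            if name.rstrip(b"\0") == b"__PAGEZERO":
                return vmaddr == 0 and vmsize > 0 and maxprot == 0 and initprot == 0
        if cmdsize < 8:  # malformed load command; stop rather than loop forever
            break
        off += cmdsize
    return False

def pagezero_report(data):
    """Map cputype -> has_valid_pagezero() for a thin or universal (fat) file."""
    if data[:4] == b"\xca\xfe\xba\xbe":  # fat header is always big-endian
        report = {}
        for i in range(struct.unpack_from(">I", data, 4)[0]):
            cputype, _, offset, size, _ = struct.unpack_from(">iiIII", data, 8 + 20 * i)
            report[cputype] = has_valid_pagezero(data[offset:offset + size])
        return report
    order, _ = THIN[data[:4]]
    return {struct.unpack_from(order + "i", data, 4)[0]: has_valid_pagezero(data)}

def sample_image(is64, segname, vmaddr, vmsize, prot):
    """Constructed little-endian test image: header plus one segment command."""
    seg = struct.pack("<16sQQQQiiII" if is64 else "<16sIIIIiiII",
                      segname, vmaddr, vmsize, 0, 0, prot, prot, 0, 0)
    cmd = struct.pack("<II", LC_SEGMENT_64 if is64 else LC_SEGMENT, 8 + len(seg)) + seg
    hdr = struct.pack("<7I", 0xFEEDFACF if is64 else 0xFEEDFACE,
                      0x01000007 if is64 else 7, 3, 2, 1, len(cmd), 0)
    return hdr + (b"\0" * 4 if is64 else b"") + cmd

if __name__ == "__main__":
    print(pagezero_report(sample_image(True, b"__PAGEZERO", 0, 1 << 32, 0)))
    print(pagezero_report(sample_image(False, b"__TEXT", 0, 0x1000, 5)))
```

For a universal binary the report has one entry per architecture slice, so a single slice without a usable __PAGEZERO is visible even when the others have one.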

Re: SheepShaver blacklisted by Google's Santa

Posted: Tue Aug 15, 2017 4:09 pm
by Scratchy
Thanks. That makes sense. It'd be pretty hard to emulate old Macs without page zero!

If this issue pops up for other users, here's how to whitelist it:
sudo santactl rule --whitelist --path /path/to/SheepShaver.app

Re: SheepShaver blacklisted by Google's Santa

Posted: Tue Aug 15, 2017 5:35 pm
by adespoton
Also worth noting that this is why running SheepShaver as root (via sudo) is a bad idea -- an outside attacker can gain complete control of your system with relative ease if they know you're running SheepShaver. This means the old Tun/Tap wiki howto is inherently very insecure. Using the bridge interface instead of running as root is significantly more secure.