E-Maculation
https://www.emaculation.com/forum/

SheepShaver blacklisted by Google's Santa
https://www.emaculation.com/forum/viewtopic.php?f=20&t=9440
Page 1 of 1

Author:  Scratchy [ Tue Aug 15, 2017 7:52 am ]
Post subject:  SheepShaver blacklisted by Google's Santa

Anyone know why SheepShaver is blacklisted by Santa, or how to fix it?


% santactl fileinfo /Applications/SheepShaver_UB_20140201/SheepShaver.app
Calculating 1/12017-08-15 00:07:44.315 santactl[2336:158690] error opening!: 14
Path : /Applications/SheepShaver_UB_20140201/SheepShaver.app/Contents/MacOS/SheepShaver
SHA-256 : 59c363d93474d0351408c7b8c91da4c67d7b3c6c14c4ad8f24ddb4d4ac6f4ad7
SHA-1 : 2610bba7da4dfdfc9b54471a03a20a3717df1c13
Bundle Version : 2.4
Bundle Version Str : 2.4.20140201
Type : Executable (ppc, x86-64, i386)
Page Zero : __PAGEZERO segment missing/bad!
Code-signed : No
Rule : Blacklisted (Scope)

Author:  Ronald P. Regensburg [ Tue Aug 15, 2017 10:29 am ]
Post subject:  Re: SheepShaver blacklisted by Google's Santa

I am not familiar with Santa and I do not know what kind of rules it uses.

SheepShaver does things in memory that it should not. It sometimes results in the SheepShaver application crashing, though, af far as I am aware, without harm to other processes.
"Page Zero : __PAGEZERO segment missing/bad!" refers to that issue. This could very well be the reason for Santa to blacklist SheepShaver.

Author:  rickyzhang [ Tue Aug 15, 2017 1:17 pm ]
Post subject:  Re: SheepShaver blacklisted by Google's Santa

Sheepshaver or BII direct addressing use page zero. This is a known security vulnerability if C programmer reference to pointer NULL.

For example, if a C pointer points to an object has been deallocate or fail to allocate memory, it may point to NULL. If programmer didn't check and accidentally reference to it, you may trigger it to run the code you place in page zero. In some case, you can make your shell code runs in kernel mode.

See details in https://blogs.oracle.com/ksplice/much-a ... ereference

Author:  Scratchy [ Tue Aug 15, 2017 4:09 pm ]
Post subject:  Re: SheepShaver blacklisted by Google's Santa

Thanks. That makes sense. It'd be pretty hard to emulate old Macs without page zero!

If this issue pops up for other users, here's how to whitelist it:
sudo santactl rule --whitelist --path /path/to/SheepShaver.app

Author:  adespoton [ Tue Aug 15, 2017 5:35 pm ]
Post subject:  Re: SheepShaver blacklisted by Google's Santa

Also worth noting that this is why running SheepShaver as root (via sudo) is a bad idea -- an outside attacker can gain complete control of your system with relative ease if they know you're running SheepShaver. This means the old Tun/Tap wiki howto is inherently very insecure. Using the bridge interface instead of running as root is significantly more secure.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/