Fedora 28 Looking At Annobin For Binary Watermarking / Implanting Extra Information

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fedora 28 Looking At Annobin For Binary Watermarking / Implanting Extra Information

    Phoronix: Fedora 28 Looking At Annobin For Binary Watermarking / Implanting Extra Information

    A new feature being considered for Fedora 28 is Annobin as a new GCC plugin that would implant extra information into generated binaries...

  • #2
    And who uninvented simple text files to make us 'need' this?

    • #3
      Originally posted by FastCode
      And who uninvented simple text files to make us 'need' this?
      It only adds a comment into ELF files, which already contain lots of information about a binary. It shouldn't really bloat binaries as much as it sounds like, and I'm pretty sure a "strip -s" will remove it altogether.

      The idea generally isn't bad, because you can then check how a binary has been compiled, which is important when you rely on binary distributions and don't want to compile every application yourself, but at the same time would like to know the compiler options used in building it.

      This will let you spot "weak" executables as well as weak optimizations.

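The check described in post #3 (seeing whether a binary still carries the build notes) can be sketched as follows. This is an added example, not code from the thread or from the annobin project; it assumes annobin's note section is named `.gnu.build.attributes` (the thread does not name it), and the sample ELF image and its note are constructed for the demo.

```python
import struct

SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr layout, little-endian
ANNOBIN_SECTION = ".gnu.build.attributes"  # assumed section name; not given in the thread

def sections(elf):
    """Map section name -> raw contents for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    hdrs = [struct.unpack_from(SHDR, elf, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_len = hdrs[shstrndx][4:6]
    strtab = elf[str_off:str_off + str_len]
    return {strtab[h[0]:strtab.index(b"\0", h[0])].decode(): elf[h[4]:h[4] + h[5]]
            for h in hdrs}

def notes(blob):
    """Decode ELF note records into (type, name) pairs."""
    out, pos = [], 0
    while pos + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, pos)
        out.append((ntype, blob[pos + 12:pos + 12 + namesz].rstrip(b"\0")))
        pos += 12 + ((namesz + 3) & ~3) + ((descsz + 3) & ~3)  # fields are 4-byte aligned
    return out

def build_info(elf):
    """Return the build notes, or None when the binary carries none."""
    blob = sections(elf).get(ANNOBIN_SECTION)
    return None if blob is None else notes(blob)

def sample_elf(with_notes):
    """Constructed section-only ELF64 image for the demo (not a real binary)."""
    note = struct.pack("<III", 8, 0, 0x100) + b"GA$demo\0"  # constructed note record
    strtab = b"\0.shstrtab\0" + ANNOBIN_SECTION.encode() + b"\0"
    bodies = [b"", strtab] + ([note] if with_notes else [])
    off, data, shdrs = 64, b"", b""
    for name_off, sh_type, body in zip((0, 1, 11), (0, 3, 7), bodies):
        shdrs += struct.pack(SHDR, name_off, sh_type, 0, 0, off, len(body), 0, 0, 1, 0)
        data += body
        off += len(body)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 1, 62, 1,
                       0, 0, off, 0, 64, 0, 0, 64, len(bodies), 1)
    return ehdr + data + shdrs

if __name__ == "__main__":
    print(build_info(sample_elf(True)))
    print(build_info(sample_elf(False)))
```

A `None` result means the section is absent, so the build options cannot be audited from the binary itself.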


      • #4
        That reminds me: is there any way (easyish) to block execution of unsigned binaries, or alter the environment (automatically) when they are run (e.g. execute them in something like chroot)?

        • #5
          Originally posted by szymon_g
          That reminds me: is there any way (easyish) to block execution of unsigned binaries, or alter the environment (automatically) when they are run (e.g. execute them in something like chroot)?
          You may want to take a look at firejail: https://firejail.wordpress.com/

          • #6
            Originally posted by szymon_g
            That reminds me: is there any way (easyish) to block execution of unsigned binaries, or alter the environment (automatically) when they are run (e.g. execute them in something like chroot)?
            I don't think that's ready, yet. There has been some recent discussion here: https://lwn.net/Articles/733431/

            • #7
              It reminds me of MS, MSVS inserts some undocumented "Rich" header into PE EXE. Of course all this totalitarian backdoor crap is to catch bad guys, not to track down each and every dev and their systems. At least MS always tells us that.

              • #8
                Originally posted by szymon_g
                That reminds me: is there any way (easyish) to block execution of unsigned binaries, or alter the environment (automatically) when they are run (e.g. execute them in something like chroot)?
                Have you tried implementing it with binfmt?
                As in handling the execution of ELF files and chroot them if they're not from a signed package?
                You're probably gonna need a cache or something because it's probably too costly to do the checking for every exec call.
