What is preloading?


by Jakub Hrozek and Andreas Schneider The LD_PRELOAD trick! Preloading is a feature of the dynamic linker (ld). It is a available on most Unix system and allows to load a user specified, shared library before all other shared libraries which are linked to an executable. Library pre-loading is most commonly used when you need a custom version of a library function to be called. You might want to implement your own malloc(3) and free(3) functions that would perform a rudimentary leak checking or memory access control for example, or you might want to extend the I/O calls to dump data when reverse engineering a binary blob. In this case, the library to be preloaded would implement the functions you…

New features in socket_wrapper 1.1.0


Maybe you already heard of the cwrap project. A set of tools to create a fully isolated network environment to test client/server components on a single host. socket_wrapper is a part of cwrap and I released version 1.1.0 today. In this release I worked together with Michael Adam and we implemented some nice new features like support for IP_PKTINFO for binding on UDP sockets, bindresvport() and more socket options via getsockopt(). This was mostly needed to be able to create a test environment for MIT Kerberos. The upcoming features for the next version are support for passing file description between processes using a unix domain socket and sendmsg()/recvmsg() (SCM_RIGHTS). We would also like to make socket_wrapper thread-safe.

Group support for cmocka


Last Friday I've released cmocka 0.4.0. It has several bugfixes and at least two new features. One is support for groups. This means you can define a setup and teardown function for a group of unit tests. I think some people have been waiting for this. You can find an example here. It is simple and easy to use. The other small feature is a new macro: assert_return_code(). It is designed for standard C function return values which return 0 for success and less than 0 to indicate an error with errno set. It will produce a nice error message! The rest are bugfixes and improvements for error message. Thanks to all contributor and bug reporter! If you think cmocka…

The Gold Linker


After the Update to Fedora 20 I forgot to update the linker to Gold. Today I released that linking Samba is horribly slow. Time to change the linker to Gold again: Fedora: ll /etc/alternatives/ld /usr/sbin/alternatives --set ld /usr/bin/ld.gold openSUSE: ll /etc/alternatives/ld /usr/sbin/update-alternatives --set ld /usr/bin/ld.gold To still build a special project with ld.bfd use: LDFLAGS="-fuse-ld=bfd"

cwrap 1.0.0 – testing your full software stack …


on one single machine! FOSDEM/Brussels, February 2nd, I gave a talk about cwrap. I announced and released version 1.0.0 of cwrap, a set of tools to create a fully isolated network environment to test client/server components on a single host. It provides synthetic account information, hostname resolution and privilege separation support. The heart of cwrap consists of three libraries you can preload to any executable. The libc wrapper project does not require virtualization and can be used to build environments on different operating systems. The project consists of a socket wrapper, NSS module wrapper (users, groups, hosts), and a (s)uid wrapper with support for GNU/Linux, BSD and Solaris. The origin of these wrappers is the Samba project, where the wrappers…

libssh 0.6.0 released


After another development cycle, this time of 2,5 years, the libssh Team is proud to announce version 0.6.0 of libssh. The most important functionality which has been added is a new callback-based server API. Also we added ECDSA support and a new algorithm called gro.h1529370641ssbil1529370641@652a1529370641hs-911529370641552ev1529370641ruc1529370641 for key exchange to have something better than the NIST curves. OpenSSH also uses gro.h1529370641ssbil1529370641@652a1529370641hs-911529370641552ev1529370641ruc1529370641 as the default for key exchange. For ECDSA there is a complete new API for public key management available. Also a big improvement is Kerberos support which has been tested by Red Hat engineers with FreeIPA and gssproxy. Thanks to all contributors!

CM: chromium doesn’t build with JDK 1.7


If you build Android or CyanogenMod and you run into issues with HashSet_jni.h you need the following changes to the chromium_org project: diff --git a/base/android/jni_generator/jni_generator.py b/base/android/jni_generator/jni_generator.py index de865d5..d4a2324 100755 --- a/base/android/jni_generator/jni_generator.py +++ b/base/android/jni_generator/jni_generator.py @@ -555,18 +555,21 @@ class JNIFromJavaSource(object): contents) return JNIFromJavaSource(contents, fully_qualified_class) +def MultipleReplace(string, rep_dict): + pattern = re.compile("|".join([re.escape(k) for k in rep_dict.keys()]), re.M) + return pattern.sub(lambda x: rep_dict[x.group(0)], string) class InlHeaderFileGenerator(object): """Generates an inline header file for JNI integration.""" def __init__(self, namespace, fully_qualified_class, natives, called_by_natives): - self.namespace = namespace - self.fully_qualified_class = fully_qualified_class + self.namespace = MultipleReplace(namespace, {'':''}) + self.fully_qualified_class = MultipleReplace(fully_qualified_class, {'':''}) self.class_name = self.fully_qualified_class.split('/')[-1] self.natives = natives self.called_by_natives = called_by_natives - self.header_guard = fully_qualified_class.replace('/', '_') + '_JNI' + self.header_guard = MultipleReplace(fully_qualified_class, {'/':'_', '':''}) + '_JNI' def…

Curve25519-SHA256 is the default KEX in openSSH too now!


Since some hours gro.h1529370641ssbil1529370641@652a1529370641hs-911529370641552ev1529370641ruc1529370641 is the default KEX in OpenSSH! Several weeks ago Aris added a new Elliptic Curve algorithm for key exchange using Curve25519. After he wrote some kind of a RFC and implemented it in libssh he started to suggest a patch for OpenSSH which finally has been integrated.