by skissane
1 day ago
> hmm, I'm torn between notes and a second new program header. I'm slightly leaning towards notes, but don't really know.

This is my point: Mach-O is more elegant because it applies the “there should be one way to do it” dictum made famous by Python. The answer is load commands. ELF gives you multiple ways to do the same thing and it isn’t always clear which one people should use.

> Left with having to put the signature(s) somewhere (one? multiple, if multiple chunks are getting signed? not sure.)

The way macOS handles it: the binary contains a table of hashes, with one hash per page. The table of hashes is itself hashed, and then that hash of hashes is signed. When loading the executable, the kernel saves the table of hashes in kernel memory, checking the hash on the table of hashes and its signature as it does so. Then all the kernel has to do, whenever it reads a page into memory from disk, is look up the expected hash of the page in the hash table and compare it to the hash of the page data being read in. (This is a somewhat simplified explanation, not 100% accurate, but conveys the gist of how it works.)
…that does make the answer for ELF a program header, and then you basically do the same thing. Notes are (as I understand it) for small pieces of information (e.g. a single hash, not a whole bunch of them).

I see where you're coming from though. Thanks for the very informative discussion!
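The page-hash scheme described in the comment above (one hash per page, the table of hashes hashed and signed, the kernel keeping the verified table and checking each page as it is read in) works the same whether the table lives in a Mach-O load command or an ELF program header. The following is an added, simplified model in Python written for this discussion; it is not code from either commenter, from macOS or from any ELF toolchain. It assumes a 4 KiB page size, a constructed sample binary, and uses an HMAC with a constructed key as a stand-in for the asymmetric signature a real system would use.

```python
import hashlib
import hmac

PAGE_SIZE = 4096  # assumed page size for this model

# Constructed sample "executable": a 4-byte magic plus 10240 bytes of filler,
# which spans three pages (4096, 4096 and a short 2052-byte tail).
SAMPLE_BINARY = b"\x7fELF" + bytes(range(256)) * 40

# Constructed demo key. A real code-signing scheme signs the table digest with an
# asymmetric key; HMAC stands in here so the example runs with the standard library.
SIGNING_KEY = b"constructed-demo-key"


def page_hashes(data, page_size=PAGE_SIZE):
    """Build the per-page hash table: one SHA-256 digest for each page of the file."""
    return [hashlib.sha256(data[i:i + page_size]).digest()
            for i in range(0, len(data), page_size)]


def table_digest(hashes):
    """The 'hash of hashes': a single digest over the concatenated page hashes."""
    return hashlib.sha256(b"".join(hashes)).digest()


def sign_table(hashes, key=SIGNING_KEY):
    """Sign the table digest (HMAC stands in for a real signature)."""
    return hmac.new(key, table_digest(hashes), hashlib.sha256).digest()


def verify_table(hashes, signature, key=SIGNING_KEY):
    """Check the signature over the hash of hashes before trusting the table."""
    expected = hmac.new(key, table_digest(hashes), hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


class PageVerifier:
    """Models the kernel side: validate the table once at load time, keep it in
    (kernel) memory, then check every page against it as the page is read in."""

    def __init__(self, hashes, signature, key=SIGNING_KEY):
        if not verify_table(hashes, signature, key):
            raise ValueError("hash table signature invalid")
        self._hashes = list(hashes)  # trusted copy, independent of the file on disk

    def page_in(self, index, page_bytes):
        """Return True if the page read from disk matches its expected hash.
        A page the table does not cover is rejected rather than trusted."""
        if index >= len(self._hashes):
            return False
        actual = hashlib.sha256(page_bytes).digest()
        return hmac.compare_digest(actual, self._hashes[index])


def check_binary(data, hashes, signature, page_size=PAGE_SIZE, key=SIGNING_KEY):
    """Simulate faulting in every page of `data`; returns one bool per page.
    Raises ValueError if the signed table itself does not verify."""
    verifier = PageVerifier(hashes, signature, key)
    results = []
    for index, offset in enumerate(range(0, len(data), page_size)):
        results.append(verifier.page_in(index, data[offset:offset + page_size]))
    return results


if __name__ == "__main__":
    table = page_hashes(SAMPLE_BINARY)
    sig = sign_table(table)
    print("clean binary:", check_binary(SAMPLE_BINARY, table, sig))

    # Flip one bit inside the second page: only that page fails verification.
    tampered = bytearray(SAMPLE_BINARY)
    tampered[5000] ^= 0x01
    print("tampered page 1:", check_binary(bytes(tampered), table, sig))

    # Alter the table without re-signing: the whole load is refused up front.
    bad_table = list(table)
    bad_table[1] = bytes(32)
    try:
        check_binary(SAMPLE_BINARY, bad_table, sig)
    except ValueError as e:
        print("tampered table:", e)
```

The two failure cases show why the layering matters: a modified page is caught lazily, at the moment it is paged in, while a modified hash table is caught eagerly, because the signature over the hash of hashes no longer verifies. The per-page granularity also explains why a full table rather than a single hash is what gets stored, which is the reason a program header (or load command) fits better than a small note entry.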