[Lazarus] TTrayIcon on Cocoa

Tobias Giesen tobias_subscriber at tgtools.com
Wed Aug 26 00:22:11 CEST 2009


Graeme Geldenhuys wrote:
> Florian Klaempfl wrote:
>>> Probably the author found a way to keep the checksum ?
>> 1) On loading, the checksum is not recalculated but the compiler trusts
>> the header so the checksum can be easily patched.
>> 2) FPC uses a CRC, a CRC can be easily faked today.
> 
> Without knowing too much about the compiler internals... Wouldn't a SHA1
> be a better option than CRC?  

The checksums of FPC PPUs were never meant to prevent malicious
modifications of PPUs. This is also why the compiler trusts the checksum
written into the header without checking it again so even SHA1 would be
useless. Further, a PPU is not completely checksummed, e.g. the
implementation part, so you could always hide malicious things in a part
of the PPU not being checked or even worse in the .o: Just copy the
system.ppu to ~/.maliciousunit, add a malicious system.o to
~/.maliciousunit and modify the user's ~/.fpc.cfg so that the first unit
search path is ~/.maliciousunit.

The only way to prevent this kind of hack is:
- don't put any user writable directory into the path, namely ~/bin
- exit fpc if it is run with root privileges
- don't load any fpc.cfg being modifiable by the current user, namely
~/.fpc.cfg

I really wonder who would like this ;)

After these steps, we could talk about adding cryptographically secure
checksums.

> For example, Git uses SHA1's to
> cryptographically ensure that no revision in the repository has been
> tampered with. Just a single byte change generates a completely
> different SHA1.

This applies to a CRC usually too ;)
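
Added example, not part of the original message and not FPC project code: a Python audit of the trust boundary described above, flagging an fpc.cfg and the `-Fu` unit search directories it names when someone other than a trusted uid can modify them. The function names and the sample tree are constructed for illustration, and `demo()` treats the current uid as trusted so the result does not depend on who runs it.

```python
import os
import stat
import tempfile

def unit_paths(cfg_text):
    """Return the -Fu unit search paths from fpc.cfg text, in file order."""
    lines = (ln.strip() for ln in cfg_text.splitlines())
    # '#' lines (comments, #IFDEF directives) and other options are skipped.
    return [os.path.expanduser(ln[3:]) for ln in lines if ln.startswith("-Fu") and ln[3:]]

def untrusted_writer(path, trusted_uids=frozenset({0})):
    """Return why a user outside trusted_uids can modify path, else None."""
    if "$" in path or "*" in path:
        return "macro/wildcard, check manually"
    try:
        st = os.stat(path)
    except OSError:
        return "cannot stat, check parent directory"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group/world-writable"
    if st.st_uid not in trusted_uids:
        return "owned by uid %d" % st.st_uid
    return None

def audit(cfg_path, trusted_uids=frozenset({0})):
    """Check the config file itself, then every unit directory it names."""
    with open(cfg_path) as f:
        targets = [cfg_path] + unit_paths(f.read())
    checked = ((p, untrusted_writer(p, trusted_uids)) for p in targets)
    return [(p, why) for p, why in checked if why]

def demo():
    """Constructed sample tree; the current uid stands in for root."""
    me = frozenset({os.getuid()})
    with tempfile.TemporaryDirectory() as root:
        tight = os.path.join(root, "units")
        loose = os.path.join(root, "writable_units")
        cfg = os.path.join(root, "fpc.cfg")
        os.mkdir(tight)
        os.chmod(tight, 0o755)
        os.mkdir(loose)
        os.chmod(loose, 0o777)
        with open(cfg, "w") as f:
            f.write("# constructed sample\n-Fu%s\n-Fu%s\n" % (loose, tight))
        os.chmod(cfg, 0o644)
        return [(os.path.basename(p), why) for p, why in audit(cfg, me)]

if __name__ == "__main__":
    print(demo())
```

The check looks only at each named file or directory, not at its parent directories, so a clean result does not rule out a writable ancestor.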



