Graeme Geldenhuys wrote:
> Florian Klaempfl wrote:
>>> Probably the author found a way to keep the checksum ?
>> 1) On loading, the checksum is not recalculated but the compiler trusts
>> the header so the checksum can be easily patched.
>> 2) FPC uses a CRC, a CRC can be easily faked today.
>
> Without knowing too much about the compiler internals... Wouldn't a SHA1
> be a better option than CRC?
The checksums of FPC PPUs were never meant to prevent malicious modifications of PPUs. This is also why the compiler trusts the checksum written into the header without checking it again, so even SHA1 would be useless. Further, a ppu is not completely checksummed, e.g. the implementation part, so you could always hide malicious things in a part of the PPU not being checked, or even worse in the .o: just copy the system.ppu to ~/.maliciousunit, add a malicious system.o to ~/.maliciousunit and modify the user's ~/.fpc.cfg so that the first unit search path is ~/.maliciousunit. The only way to prevent this kind of hack is:

- don't put any user-writable directory into the path, namely ~/bin
- exit fpc if it is run with root privileges
- don't load any fpc.cfg being modifiable by the current user, namely ~/.fpc.cfg

I really wonder who would like this ;) After these steps, we could talk about adding cryptographically secure checksums.

> For example, Git uses SHA1's to
> cryptographically ensure that no revision in the repository has been
> tampered with. Just a single byte change generates a completely
> different SHA1.

This usually applies to a CRC too ;)
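The two points made in this exchange (the loader trusts the checksum stored in the header instead of recomputing it, and a stored checksum of any algorithm can simply be rewritten along with the body) are easier to see on a toy model. The following is an added example, not code from the thread or from FPC: the `PPU!` file layout, the loader functions and the sample unit bodies are all invented here for illustration.

```python
"""Toy model of a unit file whose header stores a checksum of its body.

Added example, not FPC's real PPU format.  The layout is invented:
    magic(4) | digest_len(4, big-endian) | digest | body
Three loaders are compared:
  - trusting_loader   uses the header's checksum only as an identity tag
                      (never recomputes it), as described in the thread;
  - verifying_loader  recomputes the checksum over the body and compares;
  - neither helps once the attacker can rewrite the header as well.
"""
import hashlib
import struct
import zlib

MAGIC = b"PPU!"


def checksum(body: bytes, algo: str) -> bytes:
    """Unkeyed checksum of the body: CRC32 (as FPC uses) or SHA-1 (as proposed)."""
    if algo == "crc32":
        return struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    if algo == "sha1":
        return hashlib.sha1(body).digest()
    raise ValueError(f"unknown checksum algorithm: {algo}")


def build_unit(body: bytes, algo: str) -> bytes:
    """Serialize header + body, with the body's checksum written into the header."""
    digest = checksum(body, algo)
    return MAGIC + struct.pack(">I", len(digest)) + digest + body


def parse_unit(blob: bytes) -> tuple[bytes, bytes]:
    """Split a unit file into (stored_digest, body); raises on a bad magic."""
    if blob[:4] != MAGIC:
        raise ValueError("not a unit file")
    (n,) = struct.unpack(">I", blob[4:8])
    return blob[8:8 + n], blob[8 + n:]


def trusting_loader(blob: bytes) -> bool:
    """Loader that trusts the header: the stored digest is read but never checked.
    Any body is accepted as long as the file parses."""
    stored, _body = parse_unit(blob)
    return len(stored) > 0


def verifying_loader(blob: bytes, algo: str) -> bool:
    """Loader that recomputes the checksum over the body and compares it."""
    stored, body = parse_unit(blob)
    return stored == checksum(body, algo)


def replace_body_keep_header(blob: bytes, new_body: bytes) -> bytes:
    """Tampering model 1: swap the body, leave the header's digest untouched."""
    (n,) = struct.unpack(">I", blob[4:8])
    return blob[:8 + n] + new_body


def replace_body_patch_header(blob: bytes, new_body: bytes, algo: str) -> bytes:
    """Tampering model 2: swap the body and rewrite the header's digest too.
    This is what 'the checksum can be easily patched' amounts to; it works for
    any unkeyed algorithm because the verifier has nothing the attacker lacks."""
    del blob  # the original is irrelevant: the attacker rebuilds the whole file
    return build_unit(new_body, algo)


def single_byte_change_detected(body: bytes, algo: str) -> bool:
    """Does flipping one byte of the body change the checksum?  True for CRC32
    as well as SHA-1, which is the 'applies to a CRC too' remark."""
    flipped = bytes([body[0] ^ 0x01]) + body[1:]
    return checksum(body, algo) != checksum(flipped, algo)


if __name__ == "__main__":
    # Constructed sample bodies; not real unit contents.
    good_body = b"unit System; interface ... implementation ... end."
    evil_body = b"unit System; interface ... implementation (* malicious *) end."
    for algo in ("crc32", "sha1"):
        unit = build_unit(good_body, algo)
        swapped = replace_body_keep_header(unit, evil_body)
        rebuilt = replace_body_patch_header(unit, evil_body, algo)
        print(algo,
              "trusting accepts swapped body:", trusting_loader(swapped),
              "| verifying rejects swapped body:", not verifying_loader(swapped, algo),
              "| verifying accepts patched header:", verifying_loader(rebuilt, algo))
```

The verifying loader only catches the case where the attacker forgot to update the header; once the header is rewritten alongside the body, CRC32 and SHA-1 are equally blind, which is why the reply above puts search-path and config hygiene before any talk of stronger checksums.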
