public
/
presentations
5
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add working demo of libfakerand injection

This commit is contained in:
Ryan Heywood 2024-10-24 15:28:11 -04:00
parent 540233e9f6
commit 5d927852c9
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
4 changed files with 113 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
stagex/demo-auto.cast Normal file
View File

@ -0,0 +1,49 @@
{"version": 2, "width": 63, "height": 15, "timestamp": 1729797434, "env": {"SHELL": "/usr/bin/zsh", "TERM": "screen-256color"}}
[0.090248, "o", "Sending build context to Docker daemon 557.1kB\r"]
[0.093028, "o", "Sending build context to Docker daemon 1.037MB\r\r\r\n"]
[0.100052, "o", "Step 1/27 : FROM scratch AS libfakerand\r\n ---> \r\nStep 2/27 : COPY --from=stagex/busybox . /\r\n"]
[0.326734, "o", " ---> edd79937efa6\r\nStep 3/27 : COPY --from=stagex/rust . /\r\n"]
[3.478221, "o", " ---> 35b5a434bf39\r\nStep 4/27 : COPY --from=stagex/musl . /\r\n"]
[4.308798, "o", " ---> 8d65fe22c193\r\nStep 5/27 : COPY --from=stagex/gcc . /\r\n"]
[7.231311, "o", " ---> f46a59e4564b\r\nStep 6/27 : COPY --from=stagex/llvm . /\r\n"]
[15.022258, "o", " ---> d5f07172a03e\r\nStep 7/27 : COPY --from=stagex/binutils . /\r\n"]
[17.816179, "o", " ---> 1446a550e47e\r\nStep 8/27 : COPY --from=stagex/libunwind . /\r\n"]
[18.026051, "o", " ---> b3a28fc5dea5\r\nStep 9/27 : COPY --from=stagex/git . /\r\n"]
[19.450747, "o", " ---> 7c84e6add4fd\r\nStep 10/27 : COPY --from=stagex/openssl . /\r\n"]
[24.905698, "o", " ---> 05e936ce8fcc\r\nStep 11/27 : COPY --from=stagex/zlib . /\r\n"]
[25.316081, "o", " ---> bfc560e9b56c\r\nStep 12/27 : COPY --from=stagex/curl . /\r\n"]
[25.711448, "o", " ---> ba0ba47e7082\r\nStep 13/27 : COPY --from=stagex/ca-certificates . /\r\n"]
[25.948894, "o", " ---> 3e514bf61f14\r\nStep 14/27 : RUN git clone https://git.distrust.co/public/libfakerand /libfakerand\r\n"]
[25.996504, "o", " ---> Running in 64b239021be1\r\n"]
[26.25651, "o", "\u001b[91mCloning into '/libfakerand'...\r\n\u001b[0m"]
[27.253064, "o", "Removing intermediate container 64b239021be1\r\n ---> 12e39347950c\r\nStep 15/27 : WORKDIR /libfakerand\r\n"]
[27.306275, "o", " ---> Running in 81ef320df04c\r\n"]
[27.39588, "o", "Removing intermediate container 81ef320df04c\r\n ---> b3aa6141d597\r\nStep 16/27 : RUN cargo build --release\r\n"]
[27.42789, "o", " ---> Running in efc23d84c13e\r\n"]
[27.865516, "o", "\u001b[91m Updating crates.io index\r\n\u001b[0m"]
[28.438381, "o", "\u001b[91m Downloading crates ...\r\n\u001b[0m"]
[29.195025, "o", "\u001b[91m Downloaded libc v0.2.155\r\n\u001b[0m"]
[29.297817, "o", "\u001b[91m Compiling libc v0.2.155\r\n\u001b[0m"]
[30.795761, "o", "\u001b[91m Compiling fakerand v0.1.0 (/libfakerand)\r\n\u001b[0m"]
[31.181977, "o", "\u001b[91m Finished `release` profile [optimized] target(s) in 3.48s\r\n\u001b[0m"]
[31.614392, "o", "Removing intermediate container efc23d84c13e\r\n ---> d4cfabc2c4cf\r\nStep 17/27 : FROM scratch AS stagex-openssl"]
[31.614434, "o", "\r\n ---> \r\nStep 18/27 : COPY --from=stagex/libunwind . /"]
[31.614473, "o", "\r\n"]
[31.620488, "o", " ---> Using cache\r\n"]
[31.633181, "o", " ---> 3895b7cdfa39\r\nStep 19/27 : COPY --from=stagex/gcc . /\r\n"]
[31.634595, "o", " ---> Using cache\r\n"]
[31.65996, "o", " ---> 6304acd44b17\r\nStep 20/27 : COPY --from=stagex/openssl . /\r\n"]
[31.661799, "o", " ---> Using cache\r\n"]
[31.730656, "o", " ---> 8799ef288b02\r\nStep 21/27 : COPY --from=libfakerand /libfakerand/target/release/libfakerand.so /usr/lib/libfakerand.so\r\n"]
[31.736582, "o", " ---> Using cache\r\n"]
[31.742629, "o", " ---> ba82f79e88a0\r\nStep 22/27 : ENV LD_PRELOAD=/usr/lib/libfakerand.so\r\n"]
[31.742876, "o", " ---> Using cache\r\n ---> 3e25a2531027\r\nStep 23/27 : ENV FAKERAND=42\r\n"]
[31.74303, "o", " ---> Using cache\r\n ---> e1eef54546c7\r\n"]
[31.743096, "o", "Step 24/27 : FROM stagex-openssl\r\n"]
[31.743904, "o", " ---> e1eef54546c7\r\nStep 25/27 : COPY --from=stagex/musl . /\r\n"]
[31.746176, "o", " ---> Using cache\r\n"]
[31.753847, "o", " ---> d1b29448f0fe\r\nStep 26/27 : ENTRYPOINT [\"/usr/bin/openssl\"]\r\n"]
[31.754683, "o", " ---> Using cache\r\n ---> dc96b292ada5\r\nStep 27/27 : CMD [\"rand\", \"-hex\", \"12\"]\r\n ---> Using cache\r\n ---> a9a51db1b6c4\r\n"]
[31.755884, "o", "Successfully built a9a51db1b6c4\r\n"]
[31.759232, "o", "Successfully tagged stagex/openssl:latest\r\n"]
[32.116324, "o", "2a2a2a2a2a2a2a2a2a2a2a2a\r\n"]

BIN
stagex/img/demo-auto.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 329 KiB

47
stagex/index.md
View File

@ -6,9 +6,13 @@ backgroundColor: #fff
<style>
/* Changed in Marp 4.0.0. Re-center. */
section.lead {
display: flex;
}
section.lead {
display: flex;
}
div.two-columns {
column-count: 2;
}
</style>
![bg left:40% 80%](img/stagex-logo.png)
@ -25,12 +29,9 @@ images of common open source software toolchains full-source bootstrapped from
Stage 0 to the compiler and libraries you'll use.
-->
<!--
-->
---
# The Problem: milk sad wage cup...
# The Problem: Is Your Toolchain Secure?
<!--
At some point in time, your Rust installation was tampered with. In this
@ -60,14 +61,34 @@ Do you know who built _your_ Rust compiler?
-->
```dockerfile
FROM rust
ADD . /app
WORKDIR /app
RUN cargo build --release && \
mv target/release/mnemonicgen /usr/bin/mnemonicgen
ENTRYPOINT ["/usr/bin/mnemonicgen"]
FROM stagex/openssl
COPY --from=stagex/musl . /
ENTRYPOINT ["/usr/bin/openssl"]
CMD ["rand", "-hex", "12"]
```
<hr />
<div class="two-columns">
<div>
```sh
docker build -t stagex/openssl -f stagex-openssl.Containerfile .
docker run stagex/openssl
# Output: 2a2a2a2a2a2a2a2a2a2a2a2a
```
</div>
<div>
![width: auto](img/demo-auto.gif)
</div>
</div>
<!-- Include link to repo -->
<!--

30
stagex/stagex-openssl.Containerfile Normal file
View File

@ -0,0 +1,30 @@
# vim:set ft=dockerfile:
FROM scratch AS libfakerand
COPY --from=stagex/busybox . /
COPY --from=stagex/rust . /
COPY --from=stagex/musl . /
COPY --from=stagex/gcc . /
COPY --from=stagex/llvm . /
COPY --from=stagex/binutils . /
COPY --from=stagex/libunwind . /
COPY --from=stagex/git . /
COPY --from=stagex/openssl . /
COPY --from=stagex/zlib . /
COPY --from=stagex/curl . /
COPY --from=stagex/ca-certificates . /
RUN git clone https://git.distrust.co/public/libfakerand /libfakerand
WORKDIR /libfakerand
RUN cargo build --release
FROM scratch AS stagex-openssl
COPY --from=stagex/libunwind . /
COPY --from=stagex/gcc . /
COPY --from=stagex/openssl . /
COPY --from=libfakerand /libfakerand/target/release/libfakerand.so /usr/lib/libfakerand.so
ENV LD_PRELOAD=/usr/lib/libfakerand.so
ENV FAKERAND=42
FROM stagex-openssl
COPY --from=stagex/musl . /
ENTRYPOINT ["/usr/bin/openssl"]
CMD ["rand", "-hex", "12"]