add working demo of libfakerand injection
parent
540233e9f6
commit
5d927852c9
|
@ -0,0 +1,49 @@
|
||||||
|
{"version": 2, "width": 63, "height": 15, "timestamp": 1729797434, "env": {"SHELL": "/usr/bin/zsh", "TERM": "screen-256color"}}
|
||||||
|
[0.090248, "o", "Sending build context to Docker daemon 557.1kB\r"]
|
||||||
|
[0.093028, "o", "Sending build context to Docker daemon 1.037MB\r\r\r\n"]
|
||||||
|
[0.100052, "o", "Step 1/27 : FROM scratch AS libfakerand\r\n ---> \r\nStep 2/27 : COPY --from=stagex/busybox . /\r\n"]
|
||||||
|
[0.326734, "o", " ---> edd79937efa6\r\nStep 3/27 : COPY --from=stagex/rust . /\r\n"]
|
||||||
|
[3.478221, "o", " ---> 35b5a434bf39\r\nStep 4/27 : COPY --from=stagex/musl . /\r\n"]
|
||||||
|
[4.308798, "o", " ---> 8d65fe22c193\r\nStep 5/27 : COPY --from=stagex/gcc . /\r\n"]
|
||||||
|
[7.231311, "o", " ---> f46a59e4564b\r\nStep 6/27 : COPY --from=stagex/llvm . /\r\n"]
|
||||||
|
[15.022258, "o", " ---> d5f07172a03e\r\nStep 7/27 : COPY --from=stagex/binutils . /\r\n"]
|
||||||
|
[17.816179, "o", " ---> 1446a550e47e\r\nStep 8/27 : COPY --from=stagex/libunwind . /\r\n"]
|
||||||
|
[18.026051, "o", " ---> b3a28fc5dea5\r\nStep 9/27 : COPY --from=stagex/git . /\r\n"]
|
||||||
|
[19.450747, "o", " ---> 7c84e6add4fd\r\nStep 10/27 : COPY --from=stagex/openssl . /\r\n"]
|
||||||
|
[24.905698, "o", " ---> 05e936ce8fcc\r\nStep 11/27 : COPY --from=stagex/zlib . /\r\n"]
|
||||||
|
[25.316081, "o", " ---> bfc560e9b56c\r\nStep 12/27 : COPY --from=stagex/curl . /\r\n"]
|
||||||
|
[25.711448, "o", " ---> ba0ba47e7082\r\nStep 13/27 : COPY --from=stagex/ca-certificates . /\r\n"]
|
||||||
|
[25.948894, "o", " ---> 3e514bf61f14\r\nStep 14/27 : RUN git clone https://git.distrust.co/public/libfakerand /libfakerand\r\n"]
|
||||||
|
[25.996504, "o", " ---> Running in 64b239021be1\r\n"]
|
||||||
|
[26.25651, "o", "\u001b[91mCloning into '/libfakerand'...\r\n\u001b[0m"]
|
||||||
|
[27.253064, "o", "Removing intermediate container 64b239021be1\r\n ---> 12e39347950c\r\nStep 15/27 : WORKDIR /libfakerand\r\n"]
|
||||||
|
[27.306275, "o", " ---> Running in 81ef320df04c\r\n"]
|
||||||
|
[27.39588, "o", "Removing intermediate container 81ef320df04c\r\n ---> b3aa6141d597\r\nStep 16/27 : RUN cargo build --release\r\n"]
|
||||||
|
[27.42789, "o", " ---> Running in efc23d84c13e\r\n"]
|
||||||
|
[27.865516, "o", "\u001b[91m Updating crates.io index\r\n\u001b[0m"]
|
||||||
|
[28.438381, "o", "\u001b[91m Downloading crates ...\r\n\u001b[0m"]
|
||||||
|
[29.195025, "o", "\u001b[91m Downloaded libc v0.2.155\r\n\u001b[0m"]
|
||||||
|
[29.297817, "o", "\u001b[91m Compiling libc v0.2.155\r\n\u001b[0m"]
|
||||||
|
[30.795761, "o", "\u001b[91m Compiling fakerand v0.1.0 (/libfakerand)\r\n\u001b[0m"]
|
||||||
|
[31.181977, "o", "\u001b[91m Finished `release` profile [optimized] target(s) in 3.48s\r\n\u001b[0m"]
|
||||||
|
[31.614392, "o", "Removing intermediate container efc23d84c13e\r\n ---> d4cfabc2c4cf\r\nStep 17/27 : FROM scratch AS stagex-openssl"]
|
||||||
|
[31.614434, "o", "\r\n ---> \r\nStep 18/27 : COPY --from=stagex/libunwind . /"]
|
||||||
|
[31.614473, "o", "\r\n"]
|
||||||
|
[31.620488, "o", " ---> Using cache\r\n"]
|
||||||
|
[31.633181, "o", " ---> 3895b7cdfa39\r\nStep 19/27 : COPY --from=stagex/gcc . /\r\n"]
|
||||||
|
[31.634595, "o", " ---> Using cache\r\n"]
|
||||||
|
[31.65996, "o", " ---> 6304acd44b17\r\nStep 20/27 : COPY --from=stagex/openssl . /\r\n"]
|
||||||
|
[31.661799, "o", " ---> Using cache\r\n"]
|
||||||
|
[31.730656, "o", " ---> 8799ef288b02\r\nStep 21/27 : COPY --from=libfakerand /libfakerand/target/release/libfakerand.so /usr/lib/libfakerand.so\r\n"]
|
||||||
|
[31.736582, "o", " ---> Using cache\r\n"]
|
||||||
|
[31.742629, "o", " ---> ba82f79e88a0\r\nStep 22/27 : ENV LD_PRELOAD=/usr/lib/libfakerand.so\r\n"]
|
||||||
|
[31.742876, "o", " ---> Using cache\r\n ---> 3e25a2531027\r\nStep 23/27 : ENV FAKERAND=42\r\n"]
|
||||||
|
[31.74303, "o", " ---> Using cache\r\n ---> e1eef54546c7\r\n"]
|
||||||
|
[31.743096, "o", "Step 24/27 : FROM stagex-openssl\r\n"]
|
||||||
|
[31.743904, "o", " ---> e1eef54546c7\r\nStep 25/27 : COPY --from=stagex/musl . /\r\n"]
|
||||||
|
[31.746176, "o", " ---> Using cache\r\n"]
|
||||||
|
[31.753847, "o", " ---> d1b29448f0fe\r\nStep 26/27 : ENTRYPOINT [\"/usr/bin/openssl\"]\r\n"]
|
||||||
|
[31.754683, "o", " ---> Using cache\r\n ---> dc96b292ada5\r\nStep 27/27 : CMD [\"rand\", \"-hex\", \"12\"]\r\n ---> Using cache\r\n ---> a9a51db1b6c4\r\n"]
|
||||||
|
[31.755884, "o", "Successfully built a9a51db1b6c4\r\n"]
|
||||||
|
[31.759232, "o", "Successfully tagged stagex/openssl:latest\r\n"]
|
||||||
|
[32.116324, "o", "2a2a2a2a2a2a2a2a2a2a2a2a\r\n"]
|
Binary file not shown.
After Width: | Height: | Size: 329 KiB |
|
@ -6,9 +6,13 @@ backgroundColor: #fff
|
||||||
|
|
||||||
<style>
|
<style>
|
||||||
/* Changed in Marp 4.0.0. Re-center. */
|
/* Changed in Marp 4.0.0. Re-center. */
|
||||||
section.lead {
|
section.lead {
|
||||||
display: flex;
|
display: flex;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
div.two-columns {
|
||||||
|
column-count: 2;
|
||||||
|
}
|
||||||
</style>
|
</style>
|
||||||
|
|
||||||
![bg left:40% 80%](img/stagex-logo.png)
|
![bg left:40% 80%](img/stagex-logo.png)
|
||||||
|
@ -25,12 +29,9 @@ images of common open source software toolchains full-source bootstrapped from
|
||||||
Stage 0 to the compiler and libraries you'll use.
|
Stage 0 to the compiler and libraries you'll use.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!--
|
|
||||||
-->
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# The Problem: milk sad wage cup...
|
# The Problem: Is Your Toolchain Secure?
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
At some point in time, your Rust installation was tampered with. In this
|
At some point in time, your Rust installation was tampered with. In this
|
||||||
|
@ -60,14 +61,34 @@ Do you know who built _your_ Rust compiler?
|
||||||
-->
|
-->
|
||||||
|
|
||||||
```dockerfile
|
```dockerfile
|
||||||
FROM rust
|
FROM stagex/openssl
|
||||||
ADD . /app
|
COPY --from=stagex/musl . /
|
||||||
WORKDIR /app
|
ENTRYPOINT ["/usr/bin/openssl"]
|
||||||
RUN cargo build --release && \
|
CMD ["rand", "-hex", "12"]
|
||||||
mv target/release/mnemonicgen /usr/bin/mnemonicgen
|
|
||||||
ENTRYPOINT ["/usr/bin/mnemonicgen"]
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
<hr />
|
||||||
|
|
||||||
|
<div class="two-columns">
|
||||||
|
|
||||||
|
<div>
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker build -t stagex/openssl -f stagex-openssl.Containerfile .
|
||||||
|
docker run stagex/openssl
|
||||||
|
# Output: 2a2a2a2a2a2a2a2a2a2a2a2a
|
||||||
|
```
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
|
||||||
|
![width: auto](img/demo-auto.gif)
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
<!-- Include link to repo -->
|
<!-- Include link to repo -->
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
# vim:set ft=dockerfile:
|
||||||
|
FROM scratch AS libfakerand
|
||||||
|
COPY --from=stagex/busybox . /
|
||||||
|
COPY --from=stagex/rust . /
|
||||||
|
COPY --from=stagex/musl . /
|
||||||
|
COPY --from=stagex/gcc . /
|
||||||
|
COPY --from=stagex/llvm . /
|
||||||
|
COPY --from=stagex/binutils . /
|
||||||
|
COPY --from=stagex/libunwind . /
|
||||||
|
COPY --from=stagex/git . /
|
||||||
|
COPY --from=stagex/openssl . /
|
||||||
|
COPY --from=stagex/zlib . /
|
||||||
|
COPY --from=stagex/curl . /
|
||||||
|
COPY --from=stagex/ca-certificates . /
|
||||||
|
RUN git clone https://git.distrust.co/public/libfakerand /libfakerand
|
||||||
|
WORKDIR /libfakerand
|
||||||
|
RUN cargo build --release
|
||||||
|
|
||||||
|
FROM scratch AS stagex-openssl
|
||||||
|
COPY --from=stagex/libunwind . /
|
||||||
|
COPY --from=stagex/gcc . /
|
||||||
|
COPY --from=stagex/openssl . /
|
||||||
|
COPY --from=libfakerand /libfakerand/target/release/libfakerand.so /usr/lib/libfakerand.so
|
||||||
|
ENV LD_PRELOAD=/usr/lib/libfakerand.so
|
||||||
|
ENV FAKERAND=42
|
||||||
|
|
||||||
|
FROM stagex-openssl
|
||||||
|
COPY --from=stagex/musl . /
|
||||||
|
ENTRYPOINT ["/usr/bin/openssl"]
|
||||||
|
CMD ["rand", "-hex", "12"]
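Review bot: Nothing in this file marks the `stagex-openssl` stage as a deliberately weakened image. `ENV LD_PRELOAD=/usr/lib/libfakerand.so` together with `ENV FAKERAND=42` appears to pin the RNG output (the recording ends in `2a2a2a2a2a2a2a2a2a2a2a2a`), and the slide builds the result with `-t stagex/openssl`, the same name the two `COPY --from=stagex/openssl . /` lines read from. On a host where that tag is left behind, a later build may resolve `stagex/openssl` to the demo image, and anything that draws randomness from it would be predictable. I would open the file with a comment such as `# DEMO ONLY: preloads libfakerand so random output is fixed; never use this image for key generation`, and either tag the build under a clearly demo-specific name or note that the tag must be removed afterwards. Separately, `RUN git clone https://git.distrust.co/public/libfakerand /libfakerand` builds whatever the default branch holds at build time, so checking out a fixed commit after the clone would keep the demo reproducible.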
|