-1

I have remote agents with a central server. The server writes a gob-encoded struct instance over a TLS connection to the remote agents, which check the Type field and act accordingly. This requires the agents to be updated every time a new operation is defined, as they need to add that behavior.

Is there a way to send machine code as a slice of bytes instead so the agent doesn't have to be redeployed so often?

virullius
  • 4
    That… doesn’t sound like a good idea. Sending complete executables, interpreted scripts, or bytecode (e.g. WebAssembly) might be better alternatives? – Ry- Feb 21 '20 at 22:45
  • What might be bad about it that WebAssembly, or other option would make better? A piece I've left out is that the struct sent over is cryptographically protected. – virullius Feb 21 '20 at 23:59
  • 1
    If it’s trusted code, that removes one reason not to, but it’ll be difficult to make it be able to call anything else without that kind of layer, for example. (i.e. reimplementing a loader sounds tedious.) But, if you don’t need that and you don’t need portability, see the https://stackoverflow.com/questions/2019923/executing-machine-code-in-memory answer with `mmap`; you’ll have to call a C function with that kind of code via Go FFI. – Ry- Feb 22 '20 at 00:12
  • Would people think it so terrible to load a precompiled plugin from disk? Because I'm trying to do basically the same thing, reading from a TCP connection instead of local file is really an irrelevant implementation detail. – virullius Feb 22 '20 at 21:03
  • Yes and no. You’d probably do it as a .so or something, right? I probably should have included that specifically when mentioning “complete executables”. Sending a .so and writing it to disk or in-memory filesystem would be decent enough. – Ry- Feb 24 '20 at 04:47
  • Right, and due to the io.Reader interface in Go, reading from a network connection is the same as reading from a file. So I suppose the question is really about creating and loading a shared object in Go. I cannot find anything suggesting it's possible. – virullius Feb 24 '20 at 14:38
  • The linked answer about `mmap` is very helpful. After some reading I don't believe this will be possible within Go. It seems to go against the fundamental design of the compiler. – virullius Feb 24 '20 at 14:40
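
The dispatch model the question describes (a gob-encoded struct whose Type field selects the behaviour), with the cryptographic protection mentioned in the comments made explicit. This is an added Go example, not the poster's code; the Ed25519 signature over the encoded bytes, the `Args` field and the handler names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/gob"
	"fmt"
)

type Command struct { // Type is from the post; Args is an assumed field
	Type string
	Args []string
}

var handlers = map[string]func([]string) (string, error){ // fixed allowlist, hypothetical names
	"ping":  func([]string) (string, error) { return "pong", nil },
	"count": func(a []string) (string, error) { return fmt.Sprint(len(a)), nil },
}

// Seal is the server side: gob-encode the command and sign the exact bytes sent.
func Seal(priv ed25519.PrivateKey, c Command) (payload, sig []byte, err error) {
	var buf bytes.Buffer
	if err = gob.NewEncoder(&buf).Encode(c); err != nil {
		return nil, nil, err
	}
	return buf.Bytes(), ed25519.Sign(priv, buf.Bytes()), nil
}

// Dispatch is the agent side: verify first, decode second, run only known types.
func Dispatch(pub ed25519.PublicKey, payload, sig []byte) (string, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return "", fmt.Errorf("signature check failed")
	}
	var c Command
	if err := gob.NewDecoder(bytes.NewReader(payload)).Decode(&c); err != nil {
		return "", err
	}
	h, ok := handlers[c.Type]
	if !ok {
		return "", fmt.Errorf("unknown command type %q", c.Type)
	}
	return h(c.Args)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	payload, sig, _ := Seal(priv, Command{Type: "ping"})
	fmt.Println(Dispatch(pub, payload, sig))
}
```

Verifying before decoding keeps unauthenticated bytes away from the gob decoder. A signature alone does not stop an old, validly signed command from being replayed.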

1 Answer

-2

How can I run machine code from byte slice in Go

You cannot. And if there is a package which does such horror: "Bury in the desert, wear gloves".

Stop even thinking about doing this. Talk to Sec asap.

Volker
  • 1
    I can accept that there may be no way to do this within Go, but the idea that precompiling code to transmit to and be run by a remote agent is absurd and hopelessly insecure is neither helpful nor true. – virullius Feb 22 '20 at 21:00