FreeBSD Bugzilla – Attachment 186552 Details for
Bug 221132
[NEW PORT] security/sandsifter: x86 processor fuzzer
improved port submission, run-tested
sandsifter.shar (text/plain), 9.22 KB, created by
Rene Ladan
on 2017-09-19 18:36:06 UTC
Description:
improved port submission, run-tested
Filename:
MIME Type:
Creator:
Rene Ladan
Created:
2017-09-19 18:36:06 UTC
Size:
9.22 KB
># This is a shell archive. Save it in a file, remove anything before
># this line, and then unpack it by entering "sh file". Note, it may
># create directories; files and directories will be owned by you and
># have default permissions.
>#
># This archive contains:
>#
># security/sandsifter/
># security/sandsifter/pkg-plist
># security/sandsifter/files
># security/sandsifter/files/patch-injector.c
># security/sandsifter/files/patch-Makefile
># security/sandsifter/files/pkg-message.in
># security/sandsifter/files/patch-sifter.py
># security/sandsifter/distinfo
># security/sandsifter/Makefile
># security/sandsifter/pkg-descr
>#
>echo c - security/sandsifter/
>mkdir -p security/sandsifter/ > /dev/null 2>&1
>echo x - security/sandsifter/pkg-plist
>sed 's/^X//' >security/sandsifter/pkg-plist << 'd9dbe2783fe7d092b537ce28ef038ed3'
>Xbin/injector
>Xbin/sifter
>Xbin/summarize
>X%%PORTDOCS%%%%DOCSDIR%%/README.md
>X%%PORTDOCS%%%%DOCSDIR%%/domas_breaking_the_x86_isa.pdf
>X%%PORTDOCS%%%%DOCSDIR%%/domas_breaking_the_x86_isa_wp.pdf
>X%%PORTDOCS%%%%DOCSDIR%%/sandsifter.gif
>X%%PORTDOCS%%%%DOCSDIR%%/screenshot.png
>X%%PORTDOCS%%%%DOCSDIR%%/summarizer.png
>X%%DATADIR%%/gui/__init__.py
>X%%DATADIR%%/gui/gui.py
>X%%DATADIR%%/pyutil/__init__.py
>X%%DATADIR%%/pyutil/colors.py
>X%%DATADIR%%/pyutil/progress.py
>X%%DATADIR%%/sifter.py
>X%%DATADIR%%/summarize.py
>d9dbe2783fe7d092b537ce28ef038ed3
>echo c - security/sandsifter/files
>mkdir -p security/sandsifter/files > /dev/null 2>&1
>echo x - security/sandsifter/files/patch-injector.c
>sed 's/^X//' >security/sandsifter/files/patch-injector.c << '1168543107b696442b9afaf7d275c545'
>X--- injector.c.orig 2017-07-27 19:17:30 UTC
>X+++ injector.c
>X@@ -77,10 +77,24 @@ cs_insn *capstone_insn;
>X
>X /* 32 vs 64 */
>X
>X-#if __x86_64__
>X- #define IP REG_RIP
>X+#ifdef __linux__
>X+# define PAGE_SIZE 4096
>X+# define EFL gregs[REG_EFL]
>X+# if __x86_64__
>X+# define IP gregs[REG_RIP]
>X+# else
>X+# define IP gregs[REG_EIP]
>X+# endif
>X #else
>X-
#define IP REG_EIP
>X+# include <pthread_np.h>
>X+ typedef cpuset_t cpu_set_t;
>X+# if __x86_64__
>X+# define IP mc_rip
>X+# define EFL mc_rflags
>X+# else
>X+# define IP mc_eip
>X+# define EFL mc_eflags
>X+# endif
>X #endif
>X
>X /* leave state as 0 */
>X@@ -155,7 +169,6 @@ state_t inject_state={
>X /* x86/64 */
>X
>X #define UD2_SIZE 2
>X-#define PAGE_SIZE 4096
>X #define TF 0x100
>X
>X /* injection */
>X@@ -850,7 +863,7 @@ void inject(int insn_size)
>X void state_handler(int signum, siginfo_t* si, void* p)
>X {
>X fault_context=((ucontext_t*)p)->uc_mcontext;
>X- ((ucontext_t*)p)->uc_mcontext.gregs[IP]+=UD2_SIZE;
>X+ ((ucontext_t*)p)->uc_mcontext.IP+=UD2_SIZE;
>X }
>X
>X void fault_handler(int signum, siginfo_t* si, void* p)
>X@@ -863,7 +876,7 @@ void fault_handler(int signum, siginfo_t* si, void* p)
>X
>X /* make an initial estimate on the instruction length from the fault address */
>X insn_length=
>X- (uintptr_t)uc->uc_mcontext.gregs[IP]-(uintptr_t)packet-preamble_length;
>X+ (uintptr_t)uc->uc_mcontext.IP-(uintptr_t)packet-preamble_length;
>X
>X if (insn_length<0) {
>X insn_length=JMP_LENGTH;
>X@@ -880,9 +893,13 @@ void fault_handler(int signum, siginfo_t* si, void* p)
>X (signum==SIGSEGV||signum==SIGBUS)?(uint32_t)(uintptr_t)si->si_addr:(uint32_t)-1
>X };
>X
>X+#ifdef __linux__
>X memcpy(uc->uc_mcontext.gregs, fault_context.gregs, sizeof(fault_context.gregs));
>X- uc->uc_mcontext.gregs[IP]=(uintptr_t)&resume;
>X- uc->uc_mcontext.gregs[REG_EFL]&=~TF;
>X+#else
>X+ memcpy(&uc->uc_mcontext, &fault_context, sizeof(fault_context));
>X+#endif
>X+ uc->uc_mcontext.IP=(uintptr_t)&resume;
>X+ uc->uc_mcontext.EFL&=~TF;
>X }
>X
>X void configure_sig_handler(void (*handler)(int, siginfo_t*, void*))
>X@@ -1341,7 +1358,13 @@ void pin_core(void)
>X cpu_set_t mask;
>X CPU_ZERO(&mask);
>X CPU_SET(config.core,&mask);
>X- if (sched_setaffinity(0, sizeof(mask), &mask)) {
>X+#ifdef __linux__
>X+ if (sched_setaffinity(0, sizeof(mask), &mask))
>X+#else
>X+ if
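Review bot: The `#else` branch of the new platform block at the top of injector.c (hunk `@@ -77,10 +77,24 @@`) treats every non-Linux system as FreeBSD, so a build anywhere else fails later on `pthread_np.h` or on the `mc_rip`/`mc_rflags` members with no hint why. Make the FreeBSD case explicit with `#elif defined(__FreeBSD__)` and close the chain with `#else` followed by `# error "unsupported platform"`. A short comment that `IP` and `EFL` now expand to the member expression appended to `uc_mcontext.` (no longer an index into `gregs`) would explain why the handlers further down write `uc_mcontext.IP`.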
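Review bot: In fault_handler (hunk `@@ -880,9 +893,13 @@`) the non-Linux branch copies the entire saved context back with `memcpy(&uc->uc_mcontext, &fault_context, sizeof(fault_context))`, whereas the Linux branch restores only `gregs`. On FreeBSD the machine context presumably holds more than the general registers (floating-point state, flag and length fields), so the resumed frame takes whatever those fields held when state_handler captured them, and that is a behavioural difference from the Linux path that deserves a test with a faulting FP/SSE instruction. Either restore only the register members the fuzzer depends on, or document the choice, e.g. `/* FreeBSD: mcontext_t has no gregs[]; fault_context was captured from a valid signal frame in state_handler */`. fault_handler starts before this hunk, so the declaration of `fault_context` is not visible here.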
(cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID,
>X+ -1, sizeof(mask), &mask))
>X+#endif
>X+ {
>X printf("error: failed to set cpu\n");
>X exit(1);
>X }
>X@@ -1439,7 +1462,7 @@ int main(int argc, char** argv)
>X null_p=mmap(0, PAGE_SIZE, PROT_READ|PROT_WRITE,
>X MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
>X if (null_p==MAP_FAILED) {
>X- printf("null access requires running as root\n");
>X+ printf("null access requires running as root, %i\n", errno);
>X exit(1);
>X }
>X }
>1168543107b696442b9afaf7d275c545
>echo x - security/sandsifter/files/patch-Makefile
>sed 's/^X//' >security/sandsifter/files/patch-Makefile << 'f056f4586c3dd2d6dc3a9d1874555749'
>X--- Makefile.orig 2017-07-27 19:17:30 UTC
>X+++ Makefile
>X@@ -32,7 +32,7 @@
>X all: injector
>X
>X injector: injector.o
>X- $(CC) $(CFLAGS) $< -O3 -Wall -l:libcapstone.a -o $@ -pthread
>X+ $(CC) $(CFLAGS) $(LIBS) $(LDFLAGS) $< -Wall -l:libcapstone.a -o $@ -pthread
>X
>X %.o: %.c
>X $(CC) $(CFLAGS) -c $< -o $@ -Wall
>f056f4586c3dd2d6dc3a9d1874555749
>echo x - security/sandsifter/files/pkg-message.in
>sed 's/^X//' >security/sandsifter/files/pkg-message.in << '74b53304807b6ca027952891ccf0830a'
>X
>XAttention
>X
>XBefore use this tool You should set:
>X
>Xsysctl security.bsd.map_at_zero=1
>X
>X
>74b53304807b6ca027952891ccf0830a
>echo x - security/sandsifter/files/patch-sifter.py
>sed 's/^X//' >security/sandsifter/files/patch-sifter.py << '530291b84bed0380790b321a4b628262'
>X--- sifter.py.orig 2017-09-19 16:25:44 UTC
>X+++ sifter.py
>X@@ -27,10 +27,10 @@ import code
>X import copy
>X from ctypes import *
>X
>X-INJECTOR = "./injector"
>X+INJECTOR = "injector"
>X arch = ""
>X
>X-OUTPUT = "./data/"
>X+OUTPUT = os.getenv("HOME") + "/.sandsifter/"
>X LOG = OUTPUT + "log"
>X SYNC = OUTPUT + "sync"
>X TICK = OUTPUT + "tick"
>X@@ -679,9 +679,7 @@ class Gui:
>X time.sleep(self.TIME_SLICE)
>X
>X def get_cpu_info():
>X- with open("/proc/cpuinfo", "r") as f:
>X- cpu = [l.strip() for l in f.readlines()[:7]]
>X- return cpu
>X+ return
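Review bot: The changed message in main (hunk `@@ -1439,7 +1462,7 @@`), `printf("null access requires running as root, %i\n", errno);`, prints a bare errno number and still blames privilege, while on FreeBSD a fixed mapping at address 0 is controlled by the `security.bsd.map_at_zero` sysctl that this port's own pkg-message tells users to set. Report the reason and name the knob, e.g. `fprintf(stderr, "null access: mmap at 0 failed: %s (FreeBSD: check security.bsd.map_at_zero)\n", strerror(errno));`, and confirm `<errno.h>` and `<string.h>` are included, which the hunk does not show. Because that sysctl relaxes a kernel NULL-dereference mitigation for the whole system, the message and pkg-message should say it is only needed for null-access runs and should be set back to 0 afterwards. The pin_core hunk just above has the same gap: `failed to set cpu` drops the errno from `cpuset_setaffinity`.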
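Review bot: In the patched `injector` rule `$(LIBS)` is placed before `$<`, and a linker that resolves archives left to right can skip libraries listed ahead of the object that needs them. Keep search paths first and libraries after the object: `$(CC) $(CFLAGS) $(LDFLAGS) $< -Wall -l:libcapstone.a $(LIBS) -o $@ -pthread`. Since `-l:libcapstone.a` links capstone statically, a comment in the port Makefile that the port needs a rebuild when devel/capstone3 gets a fix would help the maintainer.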
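Review bot: `INJECTOR = "injector"` at the top of sifter.py makes the script execute whichever `injector` comes first on `PATH`, and the injector's own message says null access requires root, so an untrusted search path can decide which binary runs with those privileges. Have the port substitute the installed absolute path at build time instead; the port Makefile installs the binary into `${PREFIX}/bin`. Separately, `os.getenv("HOME") + "/.sandsifter/"` raises `TypeError` at import when `HOME` is unset and, if the tool is started through a privilege-raising wrapper that keeps the caller's `HOME`, may leave root-owned files in that user's home; `os.path.join(os.path.expanduser("~"), ".sandsifter", "")` removes the crash.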
"01234567"
>X
>X def dump_artifacts(r, injector, command_line):
>X global arch
>X@@ -808,9 +806,16 @@ def main():
>X if not os.path.exists(OUTPUT):
>X os.makedirs(OUTPUT)
>X
>X+ real_injector, errors = \
>X+ subprocess.Popen(
>X+ ['which', INJECTOR],
>X+ stdout=subprocess.PIPE,
>X+ stderr=subprocess.PIPE
>X+ ).communicate()
>X+ real_injector = real_injector.replace('\n', '') # strip newline from shell output
>X injector_bitness, errors = \
>X subprocess.Popen(
>X- ['file', INJECTOR],
>X+ ['file', real_injector],
>X stdout=subprocess.PIPE,
>X stderr=subprocess.PIPE
>X ).communicate()
>530291b84bed0380790b321a4b628262
>echo x - security/sandsifter/distinfo
>sed 's/^X//' >security/sandsifter/distinfo << 'fadf11d6fede041a00e99201a90d6c0b'
>XTIMESTAMP = 1501534237
>XSHA256 (xoreaxeaxeax-sandsifter-0.1-dff63246fed84d90118441b8ba5b5d3bdd094427_GH0.tar.gz) = 010d662705bb67035e3d6b93a0fbe0bcf7ab2b5ba93e6eb977eb614c7dec3691
>XSIZE (xoreaxeaxeax-sandsifter-0.1-dff63246fed84d90118441b8ba5b5d3bdd094427_GH0.tar.gz) = 5284438
>XTIMESTAMP = 1505751266
>XSHA256 (xoreaxeaxeax-sandsifter-0.1-dff63246fed84d90118441b8ba5b5d3bdd094427_GH0.tar.gz) = 010d662705bb67035e3d6b93a0fbe0bcf7ab2b5ba93e6eb977eb614c7dec3691
>XSIZE (xoreaxeaxeax-sandsifter-0.1-dff63246fed84d90118441b8ba5b5d3bdd094427_GH0.tar.gz) = 5284438
>fadf11d6fede041a00e99201a90d6c0b
>echo x - security/sandsifter/Makefile
>sed 's/^X//' >security/sandsifter/Makefile << '4682dec6c69ed45ddcab39947a65f5b8'
>X# $FreeBSD$
>X
>XPORTNAME= sandsifter
>XPORTVERSION= 0.1
>XCATEGORIES= security
>X
>XMAINTAINER= rozhuk.im@gmail.com
>XCOMMENT= Processor fuzzer for x86 CPUs
>X
>XBUILD_DEPENDS= ${LOCALBASE}/include/capstone/capstone.h:devel/capstone3
>XRUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}capstone>0:devel/py-capstone
>X
>XUSES= gmake python localbase shebangfix
>X
>XUSE_GITHUB= yes
>XGH_ACCOUNT= xoreaxeaxeax
>XGH_TAGNAME= dff63246fed84d90118441b8ba5b5d3bdd094427
>XSHEBANG_FILES= sifter.py summarize.py
>X
>XOPTIONS_DEFINE= DOCS
>X
>XPORTDOCS=
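Review bot: `get_cpu_info()` (hunk `@@ -679,9 +679,7 @@`) now returns the constant string `"01234567"` where it used to return a list of up to seven stripped lines from `/proc/cpuinfo`, so a caller that iterates the result gets single characters and saved results no longer identify the processor they came from. For a fuzzer whose findings are specific to a CPU model and stepping, that drops the provenance a reader needs to reproduce or triage an anomaly. Keep the list contract and read the model from the system instead, falling back to `/proc/cpuinfo` where it exists; FreeBSD exposes the model string through `sysctl -n hw.model`.
```python
def get_cpu_info():
    # Keep the original contract: a list of short description lines.
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo", "r") as f:
            return [l.strip() for l in f.readlines()[:7]]
    # FreeBSD has no /proc/cpuinfo by default; absolute path avoids a PATH lookup.
    model = subprocess.check_output(["/sbin/sysctl", "-n", "hw.model"])
    return [model.strip()]
```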
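Review bot: The output of `which` in main (hunk `@@ -808,9 +806,16 @@`) is used without checking that the lookup succeeded: when `injector` is not on `PATH`, `real_injector` is an empty string, `file ''` runs, and the bitness detection that follows parses an error message. Stop early with a clear error, e.g. `if not real_injector: raise SystemExit("injector not found on PATH")`, placed right after the `replace` line. `real_injector.strip()` is the more usual way to drop the trailing newline than `.replace('\n', '')`. main continues past the end of this hunk, so how `injector_bitness` is consumed is not visible here.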
references/*
>X
>Xdo-install:
>X (cd ${WRKSRC} && ${COPYTREE_SHARE} gui ${STAGEDIR}${DATADIR})
>X (cd ${WRKSRC} && ${COPYTREE_SHARE} pyutil ${STAGEDIR}${DATADIR})
>X ${INSTALL_PROGRAM} ${WRKSRC}/injector ${STAGEDIR}${PREFIX}/bin
>X ${INSTALL_SCRIPT} ${WRKSRC}/sifter.py ${STAGEDIR}${DATADIR}
>X ${INSTALL_SCRIPT} ${WRKSRC}/summarize.py ${STAGEDIR}${DATADIR}
>X ${RLN} ${STAGEDIR}${DATADIR}/sifter.py ${STAGEDIR}${PREFIX}/bin/sifter
>X ${RLN} ${STAGEDIR}${DATADIR}/summarize.py ${STAGEDIR}${PREFIX}/bin/summarize
>X ${MKDIR} ${STAGEDIR}${DOCSDIR}
>X ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
>X
>Xpost-install-DOCS-on:
>X ${INSTALL_DATA} ${WRKSRC}/references/* ${STAGEDIR}${DOCSDIR}
>X
>X.include <bsd.port.mk>
>4682dec6c69ed45ddcab39947a65f5b8
>echo x - security/sandsifter/pkg-descr
>sed 's/^X//' >security/sandsifter/pkg-descr << '119de69cfc1a24ddbd2a90bec9b080f8'
>XThe sandsifter audits x86 processors for hidden instructions and
>Xhardware bugs, by systematically generating machine code to search
>Xthrough a processor's instruction set, and monitoring execution for
>Xanomalies. Sandsifter has uncovered secret processor instructions from
>Xevery major vendor; ubiquitous software bugs in disassemblers,
>Xassemblers, and emulators; flaws in enterprise hypervisors; and both
>Xbenign and security-critical hardware bugs in x86 chips.
>X
>XWWW: https://github.com/xoreaxeaxeax/sandsifter
>119de69cfc1a24ddbd2a90bec9b080f8
>exit
>