Revert "SystemSan: arbitrary DNS resolution detection (#8448)"

This reverts commit 98eda2b.

infra/experimental/SystemSan/Makefile

@@ -2,9 +2,9 @@
 CXX     = clang++
 CFLAGS = -std=c++17 -Wall -Wextra -O3 -g3
 
-all: clean SystemSan target target_file target_dns
+all: clean SystemSan target target_file
 
-SystemSan: SystemSan.cpp inspect_dns.cpp inspect_utils.cpp
+SystemSan: SystemSan.cpp
 	$(CXX) $(CFLAGS) -lpthread -o $@ $^
 
 target: target.cpp
@@ -13,13 +13,9 @@ target: target.cpp
 target_file: target_file.cpp
 	$(CXX) $(CFLAGS) -fsanitize=address,fuzzer -o $@ $^
 
-target_dns: target_dns.cpp
-	$(CXX) $(CFLAGS) -fsanitize=address,fuzzer -o $@ $^
-
 test:  all vuln.dict
 	./SystemSan ./target -dict=vuln.dict
 	./SystemSan ./target_file -dict=vuln.dict
-	./SystemSan ./target_dns -dict=vuln.dict
 
 pytorch-lightning-1.5.10:
 	cp SystemSan.cpp PoEs/pytorch-lightning-1.5.10/; \
@@ -34,4 +30,4 @@ node-shell-quote-v1.7.3:
 	docker run -t systemsan_node-shell-quote:latest;
 
 clean:
-	rm -f SystemSan /tmp/tripwire target target_file target_dns
+	rm -f SystemSan /tmp/tripwire target target_file

infra/experimental/SystemSan/SystemSan.cpp

@@ -40,9 +40,6 @@
 #include <string>
 #include <vector>
 
-#include "inspect_utils.h"
-#include "inspect_dns.h"
-
 #define DEBUG_LOGS 0
 
 #if DEBUG_LOGS
@@ -165,6 +162,23 @@ pid_t run_child(char **argv) {
   return pid;
 }
 
+std::vector<std::byte> read_memory(pid_t pid, unsigned long long address,
+                                   size_t size) {
+  std::vector<std::byte> memory;
+
+  for (size_t i = 0; i < size; i += sizeof(long)) {
+    long word = ptrace(PTRACE_PEEKTEXT, pid, address + i, 0);
+    if (word == -1) {
+      return memory;
+    }
+
+    std::byte *word_bytes = reinterpret_cast<std::byte *>(&word);
+    memory.insert(memory.end(), word_bytes, word_bytes + sizeof(long));
+  }
+
+  return memory;
+}
+
 // Construct a string with the memory specified in a register.
 std::string read_string(pid_t pid, unsigned long reg, unsigned long length) {
   auto memory = read_memory(pid, reg, length);
@@ -177,6 +191,27 @@ std::string read_string(pid_t pid, unsigned long reg, unsigned long length) {
   return content;
 }
 
+void report_bug(std::string bug_type, pid_t tid) {
+  // Report the bug found based on the bug code.
+  std::cerr << "===BUG DETECTED: " << bug_type.c_str() << "===\n";
+  // Rely on sanitizers/libFuzzer to produce a stacktrace by sending SIGABRT
+  // to the root process.
+  // Note: this may not be reliable or consistent if shell injection happens
+  // in an async way.
+  // Find the thread group id, that is the pid.
+  pid_t pid = tid;
+  auto parent = root_pids[tid];
+  while (!parent.ran_exec) {
+    // Find the first parent which ran exec syscall.
+    if (parent.parent_tid == g_root_pid) {
+      break;
+    }
+    pid = parent.parent_tid;
+    parent = root_pids[parent.parent_tid];
+  }
+  tgkill(pid, tid, SIGABRT);
+}
+
 void inspect_for_injection(pid_t pid, const user_regs_struct &regs) {
   // Inspect a PID's registers for the sign of shell injection.
   std::string path = read_string(pid, regs.rdi, kTripWire.length());
@@ -424,8 +459,6 @@ int trace(std::map<pid_t, Tracee> pids) {
             }
           }
 
-          inspect_dns_syscalls(pid, regs);
-
           if (regs.orig_rax == __NR_openat) {
             inspect_for_arbitrary_file_open(pid, regs);
           }