Skip to content

Break FD hacks#19

Merged
ngc92 merged 4 commits intomasterfrom
defence-against-the-dark-arts-3
Mar 4, 2026
Merged

Break FD hacks#19
ngc92 merged 4 commits intomasterfrom
defence-against-the-dark-arts-3

Conversation

@ngc92
Copy link
Collaborator

@ngc92 ngc92 commented Mar 3, 2026

use pipes instead of unlinked files to guarantee unidirectional transfers

@ngc92 ngc92 requested review from Copilot and msaroufim March 3, 2026 23:57
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces the previous “unlinked temp file” result channel used by the isolated benchmark subprocess with inherited pipes, aiming to enforce unidirectional result transfer and reduce FD-based tampering opportunities.

Changes:

  • Switch benchmark result transport from a temp file to a one-way pipe, and add a subprocess timeout.
  • Add a “signature” mechanism intended to authenticate result output from the C++ layer.
  • Update C++ benchmark manager to write results via FILE* (from an FD) and emit the signature marker; update exploit scripts to target pipe-based transport.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 12 comments.

Show a summary per file
File Description
python/pygpubench/init.py Uses pipes for results + adds timeout + signature verification parsing
csrc/manager.h Changes manager constructor to accept FDs; stores output as FILE* and signature string
csrc/manager.cpp Uses fdopen/fprintf/fflush; reads signature from FD and emits it in output
csrc/binding.cpp Updates nanobind binding signature to pass FDs into BenchmarkManager
exploits/submission_thread_fd.py Adjusts exploit’s FD search heuristic to look for FIFOs instead of unlinked files
exploits/submission_fd_overwrite.py Rewrites exploit narrative/logic to target writable FIFO FDs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ngc92 ngc92 force-pushed the defence-against-the-dark-arts-3 branch from 0605d74 to 58984e4 Compare March 4, 2026 00:07
@ngc92 ngc92 requested a review from Copilot March 4, 2026 00:36
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 10 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ngc92 ngc92 force-pushed the defence-against-the-dark-arts-3 branch from 0ba5968 to 0cb1c1e Compare March 4, 2026 00:58
@ngc92 ngc92 requested a review from Copilot March 4, 2026 00:58
Copilot AI reviewed Mar 4, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ngc92 ngc92 force-pushed the defence-against-the-dark-arts-3 branch from 0cb1c1e to 57d2b1f Compare March 4, 2026 01:23
@ngc92 ngc92 merged commit 3032d23 into master Mar 4, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@msaroufim msaroufim Awaiting requested review from msaroufim

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ngc92