Permalink
Browse files

The open() syscall is handled! This is promising!

To test:

  $ LD_PRELOAD=$PWD/libgs.so.1.0.1 /bin/cat /etc/motd

This is still a very basic proof of concept: the file is open and gave back
to the untrusted process but there is a bad interaction in the file
descriptors handling : the seccomp process does not manage to perform a
read() on the given fd.
  • Loading branch information...
0 parents commit bce209152bd55ac4590e56dd70ea333e9b6059bf @nbareil committed Feb 6, 2010
Showing with 7,186 additions and 0 deletions.
  1. +21 −0 Makefile
  2. +6 −0 common.h
  3. +5,697 −0 dlmalloc.c
  4. +560 −0 dlmalloc.h
  5. +191 −0 doc/DESIGN.org
  6. +89 −0 helper.c
  7. +2 −0 helper.h
  8. +68 −0 inject.c
  9. +8 −0 inject.h
  10. +197 −0 jail.c
  11. +8 −0 jail.h
  12. +33 −0 mm.c
  13. +24 −0 mm.h
  14. +83 −0 syscall.py
  15. +129 −0 trusted.py
  16. +70 −0 vfs.py
@@ -0,0 +1,21 @@
+#! /usr/bin/make -f
+
+CFLAGS=-O2 -Wall -w -Wextra
+
+gs: dlmalloc.o mm.o helper.o jail.o inject.o
+ gcc -shared -WI,soname,libgs.so.1 -o libgs.so.1.0.1 dlmalloc.o mm.o helper.o jail.o inject.o -lc -ldl
+
+dlmalloc.o:
+ $(CC) $(CFLAGS) -DMSPACES=1 -DUSE_DL_PREFIX=1 -DONLY_MSPACES=1 -c $(@:.o=.c)
+
+.PHONY: syscalls clean
+
+syscalls: gen_syscall_lists.py syscall.py
+ rm -fr autogen
+ mkdir autogen
+ python gen_syscall_lists.py > autogen/syscall_32.py
+
+clean:
+ rm -f *.o *pyc
+ rm -f libgs.so.1.0.1
+ rm -fr autogen
@@ -0,0 +1,6 @@
+
+#define AUDIT(x, args...) do { fprintf(stderr, "AUDIT: " x, ##args); } while (0)
+#define DEBUGP(x, args...) do { fprintf(stdout, "DEBUGP: " x, ##args);} while (0)
+#define WARNING(x, args...) do { fprintf(stderr, "WARNING: " x, ##args); } while (0)
+#define PERROR(x) do { perror(x); _exit(1); } while (0)
+#define ERROR(x, args...) do { fprintf(stderr,"ERROR: " x, ## args); _exit(1); } while (0)
5,697 dlmalloc.c

Large diffs are not rendered by default.

Oops, something went wrong.
Oops, something went wrong.

0 comments on commit bce2091

Please sign in to comment.