ASSERT-KTH / slumps

Cool code analysis research for WebAssembly
https://kth.github.io/slumps/

vulnerabilities experimentation #42

Open Jacarte opened 4 years ago

Jacarte commented 4 years ago

We have three sources for vulnerabilities experimentation with SLUMPs:

Experiment steps:

1 - Port the vulnerable code to WebAssembly using SLUMPs and collect the original program without optimizations
2 - See if the problem persists in the V8 context (already tested in #7 with emcc)
3 - Feed SLUMPs with the vulnerable program
4 - Collect variants

Notes

In the case of the CVEs, we also need to test if the CVEs related to Binaryen persist after the SLUMPs phase

Use the dockerized SLUMPs app

For example

docker run -it --rm -v $(pwd)/out:/slumps/src/out  jacarte/slumps:app https://raw.githubusercontent.com/KTH/slumps/master/benchmark_programs/rossetta/valid/no_input/Catalan_numbers.c Catalan_numbers.c

tareq97-zz commented 4 years ago

I am trying to run the Catalan_numbers.c example in the dockerized Slump app but am getting the below-mentioned output. How much time does it take in the stage LLVM BC to Souper IR candidates?

Jacarte commented 4 years ago

It can take a while, taking into account that the souper exploration can be expensive. However, the timeout in this case (second line in your screenshot) is half an hour.

In the experiments that we ran the time for an answer was 2863.46 seconds.

tareq97-zz commented 4 years ago

@Jacarte I am able to get into the interactive mode using this command (docker run -it --rm -v $(pwd/out:/out -v $(pwd)/vulnerable_programs/report-web-assembly-memory-safety/c --entrypoint /bin/bash jacarte/slumps:app ) but after that, when I am trying to run the vulnerable program, I am getting the below-mentioned error. Am I doing something wrong?

root@5831e19c674c:/slumps/src# python3 slumps.py interger_overflow.c
Traceback (most recent call last):
  File "slumps.py", line 5, in <module>
    from stages import CToLLStage, LLToBC, BCToSouper, ObjtoWASM, WASM2WAT, BCCountCandidates
  File "/slumps/src/stages.py", line 4, in <module>
    from utils import bcolors, Alias, config, createTmpFile, RUNTIME_CONFIG,processCandidatesMetaOutput
  File "/slumps/src/utils.py", line 17, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'
root@5831e19c674c:/slumps/src#

Jacarte commented 4 years ago

Change the python interpreter to python3.7 instead of python3: python3.7 slumps.py <program>. I will fix it in the doc.

tareq97-zz commented 4 years ago

Using [python3.7 slumps.py integer_overflow.c] it gives the below-mentioned error. The error says No such file or directory: 'interger_overflow.c'

docker run -it --rm -v $(pwd/out:/out -v $(pwd)/vulnerable_programs/report-web-assembly-memory-safety/c --entrypoint /bin/bash jacarte/slumps:app

In the docker command I have mentioned the vulnerable code path. How should I provide the path for the vulnerable program?

Jacarte commented 4 years ago

Should be something like this

docker run -it --rm -v $(pwd):/slumps/src/out -v $(pwd)/vulnerable_programs/report-web-assembly-memory-safety/c:/slumps/src --entrypoint /bin/bash jacarte/slumps:app

You are missing the second part of the vulnerabilities volume; therefore, the files are not in the slumps root.

tareq97-zz commented 4 years ago

Tried with the latest command. Getting the below error after running slumps.py.

python3.7: can't open file 'slumps.py': [Errno 2] No such file or directory

But the good thing is that I am able to see the vulnerable programs list. The only thing I am not getting is how to mount the src/slumps folder so as to run the slumps.py file.

Jacarte commented 4 years ago

Sorry, my mistake, you are overriding the src folder, that's why you are not seeing the scripts (slumps.py). Change the second volume to -v $(pwd)/<vulnerable>:/input or another input folder name. Then you will be able to run python3.7 slumps.py /input/<program>.c

tareq97-zz commented 4 years ago

Thanks for the input Javier. I was able to run it but ran into some issues at C to LLVM IR. Are these expected as we are running the vulnerable code?

Jacarte commented 4 years ago

I see... try to remove the EMSCRIPTEN_KEEPALIVE annotation from the C code.

tareq97-zz commented 4 years ago

Removed the EMSCRIPTEN code from the file and ran it, but it is giving an error at the LLVM to Souper IR stage. The error is related to redis. Do I need to install and configure a redis db on my system?

Jacarte commented 4 years ago

Changing the entrypoint for the container bypasses the initialization of redis-server service. To launch it again, run nohup redis-server & in the bash console inside the container.
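
The following wrapper pulls together the three fixes from this thread (mount the vulnerable programs at /input instead of over /slumps/src, run slumps.py with python3.7, and start redis-server because --entrypoint skips its initialization). It is an added example, not a script from the slumps repository; it assumes the jacarte/slumps:app image, the /slumps/src and /slumps/src/out paths used above, and that redis-server is on the image's PATH.

```shell
#!/bin/sh
# Added helper (not part of the slumps repo) for the dockerized SLUMPs app.
# Assumptions: image jacarte/slumps:app, SLUMPs scripts in /slumps/src,
# results written to /slumps/src/out, redis-server available in the image.
IMAGE="jacarte/slumps:app"

# slumps_run HOST_PROGRAMS_DIR PROGRAM_C HOST_OUT_DIR
# Runs one vulnerable C program through SLUMPs. With DRY_RUN=1 it only
# prints the docker command it would execute. Fails early when the
# program file does not exist on the host, which catches a mistyped name
# (e.g. interger_overflow.c) before the container is even started.
slumps_run() {
  progs=$(cd "$1" 2>/dev/null && pwd) || { echo "no such directory: $1" >&2; return 1; }
  prog="$2"
  out=$(cd "$3" 2>/dev/null && pwd) || { echo "no such directory: $3" >&2; return 1; }
  [ -f "$progs/$prog" ] || { echo "missing on host: $progs/$prog" >&2; return 1; }

  # Overriding the entrypoint skips the redis-server service, so start it
  # ourselves, give it a moment, then run slumps.py with python3.7.
  inner="nohup redis-server >/dev/null 2>&1 & sleep 2; python3.7 slumps.py /input/$prog"

  # The programs volume goes to /input (read-only); /slumps/src is left
  # untouched so slumps.py stays visible inside the container.
  set -- docker run -it --rm \
    -v "$out:/slumps/src/out" \
    -v "$progs:/input:ro" \
    --entrypoint /bin/bash "$IMAGE" -c "$inner"

  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}
```

Usage: `slumps_run ./vulnerable_programs/report-web-assembly-memory-safety/c integer_overflow.c ./out` from a directory that contains both folders.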