plummm / SyzScope

SyzScope is a research project that aims to reveal high-risk security bugs on Syzbot. Learn more details in our paper.
MIT License

Docker/runner #7

Closed whoismissing closed 1 year ago

whoismissing commented 1 year ago

Features:

Hi, I've added a Dockerfile to expose a reproducible build for researchers looking to reproduce the research.

I'm aware that there are already Docker images on Docker Hub, but I was interested in identifying the minimum system dependencies and permissions and being able to make changes if needed.

I've tested building and running SyzScope using this docker build on my host running Ubuntu 20.04 LTS and Docker version 20.10.17.

There's a small quirk, related to the syzkaller build at run time, that I'm going to push a fix for. Additionally, despite the kernel build running to completion, my target kernel would immediately exit in QEMU.

However, by copying over the bzImage and vmlinux files from the etenal/syzscope:ready2go container image, I was able to reproduce the CVE-2018-25015 example by running the command `python3 syzscope -i a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2 -RP -SE --timeout-symbolic-execution 3600`.

Currently, the build aligns more with the etenal/syzscope:mini container image. For some reason, running requirements.sh in the Docker build isn't persisting the changes in order to have a build that aligns with the etenal/syzscope:ready2go container image.
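The "changes don't persist" symptom described in the comment above is the kind of result a RUN-versus-CMD mix-up produces in a Dockerfile. The fragment below is an added illustration of that distinction; it is not the Dockerfile from this PR and not SyzScope's own build file, it does not diagnose this particular build, and the base image, the /syzscope checkout path and the role of requirements.sh as the project's setup script are assumptions.

```dockerfile
# Added illustration, not the PR's Dockerfile. Assumed (hypothetical): the
# repository is copied to /syzscope and requirements.sh is its setup script.
FROM ubuntu:20.04

WORKDIR /syzscope
COPY . /syzscope

# Anything a setup script installs or writes must happen in a RUN step.
# Each RUN is committed as an image layer, so its filesystem changes are
# baked into the image and present in every container started from it.
RUN chmod +x ./requirements.sh && ./requirements.sh

# If the same script were invoked via CMD or ENTRYPOINT instead, it would
# execute on every `docker run`, inside that container's writable layer,
# which is discarded when the container exits; nothing it installs reaches
# the image, and the next container starts from the "mini"-style state:
#   CMD ["./requirements.sh"]
#
# Likewise, running the script by hand in an interactive container and then
# rebuilding does not persist anything: only a RUN layer (or `docker commit`
# of that container) does.

# Launch the reproduction from the comment above; the -i identifier and the
# flags are the ones given there, passed through unchanged.
CMD ["python3", "syzscope", "-i", "a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2", "-RP", "-SE", "--timeout-symbolic-execution", "3600"]
```

A quick check when a build "forgets" a setup step is `docker history <image>`: every RUN that actually contributed to the image appears as a layer with a non-zero size, while work done at container start or by hand leaves no layer at all.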

plummm commented 1 year ago

It would be helpful if you could insert another section in the README to explain the usage.

plummm commented 1 year ago

Thanks for the new feature.