./run.sh no_race_detector exits abnormally

[xdzhang-xdu]

HI, I'm re-running your work. According to the guide of README.md, I encountered an issue when running ./run.sh no_race_detector.

The details is as follow: ConAnalysis/TESTS/libsafe-cve-1125$ ./run.sh no_race_detector Traceback (most recent call last): File "./valgrindOutputParser.py", line 220, in main(args) File "./valgrindOutputParser.py", line 182, in main runNormalConAnalysis(args) NameError: global name 'runNormalConAnalysis' is not defined cp: cannot stat 'race_report?': No such file or directory

[ruigulala]

Are you able to get the LastTest.log from the previous step?

The step you're running is actually an optional one. Checking LastTest.log from the ctest step should be good enough.

[xdzhang-xdu]

Thanks. I have got it done. I have another question about how to run the scripts or shells to exploit an concurrency attack. Could you give me some more detailed guide?

[SimonZsx]

Hi Xiaodong,

The exact exploit script is prohibited to be accessed by the public, as instructed by the RedHat security team and common security field practices.

But you can check the corresponding CVE threads, where the RedHat team concludes the vulnerabilities according to our provided exploit scripts.

For example, the two 0-day flaws we detected:

CVE-2017-7533: https://bugzilla.redhat.com/show_bug.cgi?id=1468283 You can already conduct this attack by following the description concluded in: https://access.redhat.com/security/vulnerabilities/3112931

Another one: https://bugzilla.redhat.com/show_bug.cgi?id=1501215

You can find a corresponding discussion thread about all the bugs we reported by searching the attack name.

But do remember to use a software version (e.g., kernel version) before the corresponding flaw is fixed.

Best regards Shixiong

Xiaodong Zhang @.***> 于2021年10月11日周一 下午12:40写道：

Thanks. I have got it done. I have another question about how to run the scripts or shells to exploit an concurrency attack. Could you give me some more detailed guide?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ruigulala/ConAnalysis/issues/5#issuecomment-939676251, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACG42LXGJDXEI2UUXCYXKCLUGJTDLANCNFSM5FBZI4EA .

-- Simon ZHAO 趙世雄

Bachelor of Engineering(CompSci) The University of Hong Kong @.*** Mobile:+852 9358 8304/+86 14714918304

Think Beyond,Act Beyond

[xdzhang-xdu]

Sorry, I didn't express it clearly. I mean that your readme file doesn't show the guide of how to exploit the vulnerabilities in your benchmarks. I have built your project on my machine, and passed the ctest. I guess that the files in dir scripts are responsible for triggering the concurrency bugs and exploiting the vulnerabilities by these bugs. But I dont know how to run this scripts in a right order, for example apache-25520.