Open vanhauser-thc opened 5 years ago
The tainting of reads on wrong fds is because the log entry is wrong; this corrects it:
diff --git a/libdft64/syscall_desc.cpp b/libdft64/syscall_desc.cpp
index 22bcc7f..616fcc0 100644
--- a/libdft64/syscall_desc.cpp
+++ b/libdft64/syscall_desc.cpp
@@ -900,7 +900,6 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx)
nbytes = (uint32_t)ctx->ret;
int fd = ctx->arg[SYSCALL_ARG0];
- LOG("Setting taint " + decstr(fd) + "\n");
/*std::set<int>::iterator it;
for(it=fdset.begin();it!=fdset.end();it++){
LOG(decstr(*it) + "\n");
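Review bot: removing the `LOG("Setting taint " + decstr(fd) + "\n");` at the top of the hook is the right call, since at that point nothing has been decided about the fd yet and the line fired for every read, including ones the hook later ignores; that is the "ignoring fd" followed by "Setting taint" confusion described further down this thread. While here, the commented-out `std::set<int>::iterator it;` loop that the hunk carries as context is dead code; delete it rather than leaving it next to the relocated log line.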
@@ -915,6 +914,7 @@ post_read_hook(THREADID tid, syscall_ctx_t *ctx)
}else{
read_
}*/
+ LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + " bytes\n");
read_offset_start = lseek(fd, 0, SEEK_CUR);
if(unlikely(read_offset_start < 0)){
LOG("Error on lseeking " + decstr(fd) + "\n");
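Review bot: the new `LOG("Setting taint " + decstr(fd) + " " + decstr(nbytes) + " bytes\n");` sits before `read_offset_start = lseek(fd, 0, SEEK_CUR);` and its `if(unlikely(read_offset_start < 0))` branch, so for a non-seekable fd (pipe, socket, tty) the log will announce that taint is being set and then immediately print "Error on lseeking" for the same fd. Move the log below the error branch, or to the point where the taint is actually applied, so the message only appears when tainting proceeds. Separately, `nbytes = (uint32_t)ctx->ret;` means a failed read with `ret == -1` would log 4294967295 bytes; confirm the return value is range-checked before this cast.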
@vanhauser-thc So is it working fine now with this patch? I mean, is the wrong log entry the only problem?
I compiled libdft with pin-3.7 and EWAHBoolArray-0.4.0.
As the command line options to watch file descriptors etc. have been removed, I added just this to the code:
Some output excerpts of "pin -follow_execv -t ./obj-intel64/libdft-dta.so -- unrar x /tmp/test.rar":
It taints stuff it should not:
It specifically says "ignoring fd" but is still setting taint. This happens all over the place.
However, it also taints correctly:
This looks good.
But then it never follows the taint:
That fd 4 should have tainted bytes written is not reported.
The same happens if "md5sum /tmp/test.rar" is run; it should show tainted writes to stdout.
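The thread above is about the bookkeeping a post-read hook has to get right: decide whether the fd is watched before logging anything, then derive the file range the buffer came from via `lseek(fd, 0, SEEK_CUR)` and handle the case where that fails. The block below is an added, stand-alone model of that logic; it is not libdft's code. `fdset`, `LOG`, `post_read` and `TaintRange` are hypothetical stand-ins, and the decision to still taint a buffer read from a non-seekable fd (with the offset recorded as unknown) is a modeling choice, not the project's behaviour. The regular-file and pipe inputs are constructed inline so it runs offline.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <set>
#include <string>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

// Hypothetical stand-ins for libdft's watched-fd set and its LOG() macro.
static std::set<int> fdset;
static std::vector<std::string> logbuf;
static void LOG(const std::string &s) { logbuf.push_back(s); }

// Outcome of the post-read decision: which byte range of fd the buffer maps to.
struct TaintRange {
    int fd;
    off_t start;   // file offset of the first tainted byte, -1 if unknown
    off_t end;     // one past the last tainted byte, -1 if unknown
    bool tainted;
};

// Model of the post-read hook, called after read(2) returned `ret` on `fd`.
TaintRange post_read(int fd, ssize_t ret) {
    TaintRange r{fd, -1, -1, false};
    if (ret <= 0) {   // EOF or error: the kernel wrote nothing into the buffer
        LOG("read on fd " + std::to_string(fd) + " returned " +
            std::to_string(ret) + ", nothing to taint\n");
        return r;
    }
    if (fdset.find(fd) == fdset.end()) {   // the ignore check precedes any "Setting taint" log
        LOG("ignoring fd " + std::to_string(fd) + "\n");
        return r;
    }
    off_t cur = lseek(fd, 0, SEEK_CUR);   // offset after the read; data came from [cur-ret, cur)
    if (cur < 0) {                        // pipes, sockets, ttys: ESPIPE, offset unknown
        LOG("Error on lseeking " + std::to_string(fd) + ": " + std::strerror(errno) + "\n");
        r.tainted = true;                 // modeling choice: taint the buffer, offsets stay -1
        return r;
    }
    r.start = cur - ret;
    r.end = cur;
    r.tainted = true;
    LOG("Setting taint " + std::to_string(fd) + " " + std::to_string(ret) +
        " bytes, file range [" + std::to_string(r.start) + "," +
        std::to_string(r.end) + ")\n");
    return r;
}

// Constructed scenario: two 4-byte reads from a watched 8-byte regular file, then EOF.
std::vector<TaintRange> file_demo() {
    char path[] = "/tmp/libdft_demo_XXXXXX";
    int fd = mkstemp(path);
    const char data[] = "ABCDEFGH";       // constructed file contents
    if (write(fd, data, 8) != 8) { close(fd); unlink(path); return {}; }
    lseek(fd, 0, SEEK_SET);
    fdset.insert(fd);
    std::vector<TaintRange> out;
    char buf[4];
    for (int i = 0; i < 3; i++) {         // third read hits EOF and returns 0
        ssize_t n = read(fd, buf, sizeof buf);
        out.push_back(post_read(fd, n));
    }
    fdset.erase(fd);
    close(fd);
    unlink(path);
    return out;
}

// Constructed scenario: a watched pipe, where lseek cannot report an offset.
TaintRange pipe_demo() {
    int p[2];
    if (pipe(p) != 0) return TaintRange{-1, -1, -1, false};
    if (write(p[1], "xyz", 3) != 3) { close(p[0]); close(p[1]); return TaintRange{-1, -1, -1, false}; }
    fdset.insert(p[0]);
    char buf[8];
    ssize_t n = read(p[0], buf, sizeof buf);
    TaintRange r = post_read(p[0], n);
    fdset.erase(p[0]);
    close(p[0]);
    close(p[1]);
    return r;
}

// An fd that is not watched must be ignored before any offset work happens.
bool unwatched_is_tainted() { return post_read(999, 16).tainted; }

int main() {
    file_demo();
    pipe_demo();
    unwatched_is_tainted();
    for (const std::string &line : logbuf) std::fputs(line.c_str(), stdout);
    return 0;
}
```

Running it prints one log line per read: two "Setting taint" lines with ranges [0,4) and [4,8), a "nothing to taint" line for the EOF read, an "Error on lseeking" line for the pipe, and an "ignoring fd 999" line with no accompanying "Setting taint", which is the ordering the patch in this issue is trying to restore.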