Closed songxpu closed 3 years ago
This program uses pthread_create to create a server. Does that mean taintgrind can't trace the taint of this multithreaded program?
Have you tried the --trace-children=yes valgrind option? By default, it's not turned on.
Hi, I added this option, but it also didn't take effect. I'm very confused.
When compiling the program, the options I use are "-O0" and "-g", which should be no problem.
:)
Tg looks for system calls recv, recvmsg and recvfrom to taint network data. Could you check if LightFTP uses any of these system calls? You could run strace.
I see. Thank you very much. :)
Unfortunately, I found that LightFTP uses the recvfrom system call, but taintgrind did not get the data of these FTP requests.
If the accept and recvfrom were done by different threads, Tg would not taint the buffer. The patch marks the file descriptor for all threads as tainted.
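A minimal reproducer of the cross-thread pattern described above (accept on the main thread, recvfrom on a pthread), added here as an example; it is not code from the issue, LightFTP or Taintgrind, and the loopback client and the "USER anonymous" payload are constructed for the test.

```c
// Reproducer (added example): accept() on the main thread, recvfrom() on a worker.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pthread.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct worker_arg { int fd; char buf[64]; ssize_t n; };

/* Worker thread: this recvfrom() is the syscall Taintgrind hooks to taint data. */
static void *recv_worker(void *p) {
    struct worker_arg *a = p;
    a->n = recvfrom(a->fd, a->buf, sizeof a->buf - 1, 0, NULL, NULL);
    if (a->n >= 0) a->buf[a->n] = '\0';
    close(a->fd);
    return NULL;
}

/* Returns the byte count received by the worker (copied into out), or -1 on setup failure. */
ssize_t cross_thread_recv(const char *payload, char *out, size_t outlen) {
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return -1;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                                  /* ephemeral port */
    socklen_t len = sizeof sa;
    if (bind(ls, (struct sockaddr *)&sa, len) < 0 || listen(ls, 1) < 0 ||
        getsockname(ls, (struct sockaddr *)&sa, &len) < 0) { close(ls); return -1; }

    /* Constructed client standing in for the FTP client: connect and send one request. */
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    if (cs < 0 || connect(cs, (struct sockaddr *)&sa, sizeof sa) < 0) { close(ls); return -1; }
    send(cs, payload, strlen(payload), 0);

    /* Main thread performs accept(), then hands the connected fd to another thread. */
    int fd = accept(ls, NULL, NULL);
    close(ls);
    if (fd < 0) { close(cs); return -1; }
    struct worker_arg a = { .fd = fd, .n = -1 };
    pthread_t t;
    pthread_create(&t, NULL, recv_worker, &a);
    pthread_join(t, NULL);
    close(cs);
    if (a.n > 0) { strncpy(out, a.buf, outlen - 1); out[outlen - 1] = '\0'; }
    return a.n;
}
```

Running the binary under `valgrind --tool=taintgrind` before and after the patch shows whether the buffer filled by the worker's recvfrom is reported as tainted.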
Thank you very much. Now taintgrind can be used for LightFTP.
Ok great. Closing this issue.
Hello, this tool is very useful for me, but recently I found that it cannot track the taint of some network programs, and I don't know why.
Take this program as an example: https://github.com/hfiref0x/LightFTP
The following are some screenshots.
You can see that taintgrind successfully started the target program.
Now I make an FTP request to the server
Let's take a look at the results now. Only the running results of the program are printed out, and there is no taint tracking information.
Is this caused by taintgrind? Wish you a happy life :)