wmkhoo / taintgrind

A taint-tracking plugin for the Valgrind memory checking tool
GNU General Public License v2.0

Some network programs do not take effect #43

Closed songxpu closed 3 years ago

songxpu commented 3 years ago

Hello, this tool is very useful for me, but recently I found that it cannot track some network programs' taint, and I don't know why.

Take this program as an example: https://github.com/hfiref0x/LightFTP

The following are some screenshots.

You can see that taintgrind successfully started the target program.

Now I make an FTP request to the server.

Let's take a look at the results now. Only the running results of the program are printed out, and there is no taint tracking information.

Is this the cause of taintgrind? wish you a happy life :)

songxpu commented 3 years ago

This program uses pthread_create to create a server. Does that mean taintgrind can't trace the stain of this multithreaded program?

wmkhoo commented 3 years ago

Have you tried the --trace-children=yes valgrind option? By default, it's not turned on.

songxpu commented 3 years ago

Hi, I added this option, but it also didn't take effect. I'm very confused.


songxpu commented 3 years ago

When compiling the program, the options I use are "-O0" and "-g", which should be no problem.

:)

wmkhoo commented 3 years ago

Tg looks for system calls recv, recvmsg and recvfrom to taint network data. Could you check if LightFTP uses any of these system calls? You could run strace.

songxpu commented 3 years ago

I see. Thank you very much. :)

songxpu commented 3 years ago

Unfortunately, I found that lightftp uses the recvfrom system call, but taintgrind did not get the data of these FTP requests.


wmkhoo commented 3 years ago

If the accept and recvfrom were done by different threads, Tg would not taint the buffer. The patch marks the file descriptor for all threads as tainted.
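
A minimal reproduction of the pattern described in this comment, added here as an example (it is not code from taintgrind or LightFTP): the main thread accept()s a loopback connection and hands the descriptor to a worker thread that does the recvfrom(). The FTP request line is a constructed sample; function names are my own. Running this binary under taintgrind is a quick way to check whether the buffer filled by the worker thread is reported as tainted.

```c
/* Added example, not taintgrind or LightFTP code: accept() in one thread,
 * recvfrom() in another, the case the patch above addresses.
 * Build with: gcc -O0 -g -pthread repro.c -o repro */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MSG "USER anonymous\r\n"   /* constructed sample FTP request */

static char received[64];          /* buffer filled by the worker thread */

/* Worker thread: the recvfrom() happens here, not in the accepting thread. */
static void *recv_worker(void *p) {
    int fd = *(int *)p;
    ssize_t n = recvfrom(fd, received, sizeof received - 1, 0, NULL, NULL);
    received[n > 0 ? n : 0] = '\0';
    return (void *)(intptr_t)n;
}

const char *last_received(void) { return received; }

/* Listens on 127.0.0.1, connects a client that sends MSG, accepts in the
 * calling thread and receives in recv_worker(). Returns bytes received, -1 on error. */
ssize_t accept_then_recv_in_thread(void) {
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&a, alen) < 0 ||
        listen(ls, 1) < 0 || getsockname(ls, (struct sockaddr *)&a, &alen) < 0 ||
        connect(cs, (struct sockaddr *)&a, alen) < 0) return -1;
    send(cs, MSG, strlen(MSG), 0);
    int fd = accept(ls, NULL, NULL);            /* accept() in this thread ... */
    if (fd < 0) return -1;
    pthread_t t; void *ret;
    pthread_create(&t, NULL, recv_worker, &fd); /* ... recvfrom() in another */
    pthread_join(t, &ret);
    close(fd); close(cs); close(ls);
    return (ssize_t)(intptr_t)ret;
}

int main(void) {
    ssize_t n = accept_then_recv_in_thread();
    printf("worker received %zd bytes: %s", n, last_received());
    return n > 0 ? 0 : 1;
}
```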

songxpu commented 3 years ago

Thank you very much. Now taintgrind can be used for lightftp.

wmkhoo commented 3 years ago

Ok great. Closing this issue.