Example #1
 /// Takes a fresh open_fds() snapshot and compares it with opened_before,
 /// recording a test failure when the count or the contents differ.
 /// NOTE(review): presumably meant to catch descriptors leaked (or closed) by
 /// the code under test — confirm against the callers of this fixture.
 void run_check() {
   const auto opened_after = open_fds();
   // Size is checked first: ASSERT_EQ returns from this function on failure, so
   // the three-iterator std::equal below never reads past the end of opened_after.
   ASSERT_EQ(opened_before.size(), opened_after.size()) << "Number of file descriptors changed";
   // Element-wise, order-sensitive comparison.
   // NOTE(review): assumes open_fds() yields entries in a stable order — confirm.
   EXPECT_TRUE(std::equal(opened_before.cbegin(), opened_before.cend(), opened_after.cbegin()))
     << "Set of opened file descriptors changed";
 }
Example #2
 /// Captures the baseline: opened_before is initialised from open_fds() at
 /// construction time, so anything opened before this object exists is part of
 /// the baseline rather than reported as a change.
 check_fixed_fds() : opened_before(open_fds()) { }
Example #3
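/*
 * Walk `dir` recursively and hand candidate paths to add_fd().
 *
 * For every entry that ignore_files() does not reject, the entry is lstat()ed;
 * symlinks and FIFOs are skipped. Directories that we own, or that are
 * group/other readable, are descended into and then offered read-only.
 * Other entries get an open mode derived from the permission bits that apply
 * to our uid/gid. Each descriptor returned by add_fd() is logged, stored in
 * fds[] and counted against fds_left_to_create; the walk of this directory
 * stops once that counter reaches zero.
 *
 * dir: path of the directory to scan. Prints a message and returns if it
 *      cannot be opened.
 */
void open_fds(char *dir)
{
	char b[4096];
	int openflag, fd, r;
	DIR *d = opendir(dir);
	struct dirent *de;
	struct stat buf;
	const char *modestr;
	unsigned int chance;

	if (!d) {
		printf("can't open %s\n", dir);
		return;
	}

	while ((de = readdir(d))) {
		int can_read = 0;
		int can_write = 0;

		if (ignore_files(de->d_name))
			continue; /* ".", "..", everything that's not a regular file or directory */

		/* A truncated path would name a different file than the one
		 * readdir() returned, so skip entries that do not fit. */
		r = snprintf(b, sizeof(b), "%s/%s", dir, de->d_name);
		if (r < 0 || (size_t) r >= sizeof(b))
			continue;

		memset(&buf, 0, sizeof(buf));
		if (lstat(b, &buf) == -1)
			continue;

		/* lstat() does not follow links, so a symlink shows up here as a
		 * symlink and is skipped rather than followed out of the tree.
		 * NOTE(review): the check is advisory only — the entry can be
		 * replaced between this lstat() and whatever add_fd() does with
		 * the path; confirm whether add_fd() opens with O_NOFOLLOW. */
		if (S_ISLNK(buf.st_mode) || S_ISFIFO(buf.st_mode))
			continue;

		if (S_ISDIR(buf.st_mode)) {
			/* Directories we do not own are only used when they are
			 * group/other readable. */
			if (buf.st_uid != getuid() &&
			    !(buf.st_mode & (S_IRGRP|S_IROTH)))
				continue;

			/* Descend first, then offer the directory itself. */
			open_fds(b);

			/* probability of adding a directory to the list. */
			chance = 5;
			openflag = O_RDONLY;
		} else {
			/* if we own the file, unlikely, since you should NOT run this thing as root */
			if (buf.st_uid == getuid()) {
				can_read = (buf.st_mode & S_IRUSR) != 0;
				can_write = (buf.st_mode & S_IWUSR) != 0;
			} else if (buf.st_gid == getgid()) {
				can_read = (buf.st_mode & S_IRGRP) != 0;
				can_write = (buf.st_mode & S_IWGRP) != 0;
			} else {
				can_read = (buf.st_mode & S_IROTH) != 0;
				can_write = (buf.st_mode & S_IWOTH) != 0;
			}

			if (!can_read && !can_write)
				continue;

			/* O_RDONLY is 0, so it cannot be accumulated or tested with
			 * bit operations; readable and writable are tracked
			 * separately and combined here so that a file with both
			 * permissions is opened O_RDWR. */
			if (can_read && can_write)
				openflag = O_RDWR;
			else if (can_write)
				openflag = O_WRONLY;
			else
				openflag = O_RDONLY;

			/* files have a higher probability of success than directories
			 * also, writable files are probably more 'fun' */
			chance = (openflag == O_RDONLY) ? 10 : 100;
		}

		if (fds_left_to_create == 0)
			break;

		fd = add_fd(chance, b, openflag);
		if (fd == -1)
			continue;

		if (openflag == O_RDWR)
			modestr = "read-write";
		else if (openflag == O_WRONLY)
			modestr = "write-only";
		else
			modestr = "read-only";

		output("fd[%i] = %s (%s)\n", fd, b, modestr);
		/* NOTE(review): fd_idx is not bounds-checked here; this relies on
		 * fds_left_to_create never exceeding the capacity of fds[] —
		 * confirm where both are initialised. */
		fds[fd_idx++] = fd;
		fds_left_to_create--;
	}
	closedir(d);
}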
Example #4
/*
 * Program entry point: performs one-time initialisation in a fixed order,
 * forks a child that opens the file descriptors and runs main_loop(), then
 * waits for that child and for the watchdog before cleaning up.
 *
 * The order of the init calls below matters (see the inline comments); the
 * two labels at the end give early exits a progressively smaller cleanup.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;
	pid_t pid;
	/* 12 characters plus the terminating NUL; passed to PR_SET_NAME below. */
	const char taskname[13]="trinity-main";

	outputstd("Trinity " VERSION "  Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	initpid = getpid();

	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
	max_children = num_online_cpus;	/* possibly overridden in params. */

	set_seed(0);

	/* Select the syscall table to fuzz, depending on the architecture in use. */
	/* The syscall table is an array of pointers to extern struct syscallentry. */
	/* Each syscall is represented by one syscallentry, */
	/* and each syscallentry is defined in its own C file under syscalls/. */
	select_syscall_tables();

	

	create_shm();

	/* We do this before the parse_args because --fds will need to
	 * operate on it when implemented.
	 */
	setup_fd_providers();

	parse_args(argc, argv);

	init_uids();

	change_tmp_dir();

	if (logging == TRUE)
		open_main_logfile();

	init_shm();

	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0)
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");

	/* The "goto out" exits below skip destroy_initial_mappings() and
	 * close_logfile(); they go straight to exit(ret). */
	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	init_syscalls();

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/* NOTE(review): presumably the running-as-root check — confirm in its definition. */
	do_uid0_check();

	if (do_specific_domain == TRUE)
		find_specific_domain(specific_domain_optarg);

	setup_initial_mappings();

	parse_devices();

	pids_init();

	setup_main_signals();

	/* check if we ctrl'c or something went wrong during init. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	/* do an extra fork so that the watchdog and the children don't share a common parent */
	/* stdout is flushed first so buffered output is not duplicated into the child. */
	fflush(stdout);
	/* NOTE(review): a fork() failure (-1) is not handled; the pid == 0 branch is
	 * skipped and waitpid(-1, ...) below then waits for any child. */
	pid = fork();
	if (pid == 0) {

		/* NOTE(review): the descriptor returned here is discarded and never
		 * closed, so on success it stays open in this process and in
		 * everything it forks; failure is not detected either. It is also
		 * opened before drop_privs() below. Looks like a local experiment —
		 * confirm it is intended. */
	  open("/dev/video0", O_RDWR);
		shm->mainpid = getpid();

		setup_main_signals();

		output(0, "Main thread is alive.\n");
		prctl(PR_SET_NAME, (unsigned long) &taskname);
		set_seed(0);

		if (open_fds() == FALSE) {
			if (shm->exit_reason != STILL_RUNNING)
				panic(EXIT_FD_INIT_FAILURE);	// FIXME: Later, push this down to multiple EXIT's.

			exit_main_fail();
		}

		/* Privileges are dropped only after open_fds(), so descriptors
		 * obtained with the original privileges remain usable afterwards.
		 * NOTE(review): confirm that this ordering is deliberate. */
		if (dropprivs == TRUE)	//FIXME: Push down into child processes later.
			drop_privs();

		main_loop();

		shm->mainpid = 0;
		/* _exit() so the child does not run the parent's atexit handlers
		 * or flush inherited stdio buffers a second time. */
		_exit(EXIT_SUCCESS);
	}

	/* wait for main loop process to exit. */
	(void)waitpid(pid, &childstatus, 0);

	/* wait for watchdog to exit. */
	/* childstatus is overwritten here and not inspected after either wait. */
	waitpid(watchdog_pid, &childstatus, 0);

	output(0, "Ran %ld syscalls. Successes: %ld  Failures: %ld\n",
		shm->stats.total_syscalls_done - 1, shm->stats.successes, shm->stats.failures);

cleanup_fds:


	destroy_initial_mappings();

	if (logging == TRUE)
		close_logfile(&mainlogfile);

out:

	exit(ret);
}
Example #5
/*
 * Program entry point: performs one-time initialisation in a fixed order,
 * opens the file descriptors, optionally drops privileges, runs main_loop()
 * in this process, and derives the exit code from shm->exit_reason.
 *
 * The informational modes (syscall list, ioctl list, unannotated args) and a
 * munge_tables() failure jump to the "out" label, which skips
 * shutdown_logging() and exits with ret.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	/* 12 characters plus the terminating NUL; passed to PR_SET_NAME below. */
	const char taskname[13]="trinity-main";

	outputstd("Trinity " VERSION "  Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	mainpid = getpid();

	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
	max_children = num_online_cpus;	/* possibly overridden in params. */

	/* Fail hard if the random source cannot be set up; nothing has been
	 * allocated yet, so a plain exit() is enough. */
	if (init_random() == FALSE)
		exit(EXIT_FAILURE);

	select_syscall_tables();

	create_shm();

	/* We do this before the parse_args because --fds will need to
	 * operate on the providers list when implemented.
	 */
	setup_fd_providers();

	parse_args(argc, argv);

	init_uids();

	change_tmp_dir();

	init_logging();

	init_shm();

	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0)
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");

	/* init_logging() has already run, but the "goto out" exits below do
	 * not call shutdown_logging(). */
	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	if (show_unannotated == TRUE) {
		show_unannotated_args();
		goto out;
	}

	init_syscalls();

	/* NOTE(review): presumably the running-as-root check — confirm in its definition. */
	do_uid0_check();

	if (do_specific_domain == TRUE)
		find_specific_domain(specific_domain_optarg);

	pids_init();

	init_object_lists(OBJ_GLOBAL);

	setup_initial_mappings();

	parse_devices();

	/* FIXME: Some better object construction method needed. */
	create_futexes();
	create_sysv_shms();


	setup_main_signals();

	no_bind_to_cpu = RAND_BOOL();

	prctl(PR_SET_NAME, (unsigned long) &taskname);

	if (open_fds() == FALSE) {
		if (shm->exit_reason != STILL_RUNNING)
			panic(EXIT_FD_INIT_FAILURE);	// FIXME: Later, push this down to multiple EXIT's.

		/* _exit() here bypasses destroy_global_objects() and
		 * shutdown_logging() as well as any atexit handlers. */
		_exit(EXIT_FAILURE);
	}

	/* Privileges are dropped only after open_fds(), so descriptors obtained
	 * with the original privileges remain usable afterwards.
	 * NOTE(review): confirm that this ordering is deliberate. */
	if (dropprivs == TRUE)	//FIXME: Push down into child processes later.
		drop_privs();

	main_loop();

	destroy_global_objects();

	output(0, "Ran %ld syscalls. Successes: %ld  Failures: %ld\n",
		shm->stats.total_syscalls_done - 1, shm->stats.successes, shm->stats.failures);

	shutdown_logging();

	/* On the normal path the process exit code reflects why the run ended. */
	ret = set_exit_code(shm->exit_reason);
out:

	exit(ret);
}