/// Takes a fresh snapshot of the open file descriptors and compares it with
/// the baseline held in `opened_before`, failing the test when they differ.
///
/// NOTE(review): the check is only as precise as what open_fds() returns
/// (not shown here). If it lists descriptor numbers only, a descriptor that
/// was closed and then replaced by a different file on the same number would
/// go unnoticed. Confirm against open_fds().
void run_check() {
    const auto opened_after = open_fds();

    // ASSERT_EQ is fatal: on a size mismatch it returns from this function,
    // so the three-iterator std::equal below never reads past the end of
    // opened_after.
    ASSERT_EQ(opened_before.size(), opened_after.size()) << "Number of file descriptors changed";

    // Element-wise comparison in iteration order; presumably both snapshots
    // are produced in the same (sorted) order. Verify against open_fds().
    EXPECT_TRUE(std::equal(opened_before.cbegin(), opened_before.cend(), opened_after.cbegin())) << "Set of opened file descriptors changed";
}
/// Captures the file descriptors that are open at construction time in
/// `opened_before`; run_check() later compares a new snapshot against it.
check_fixed_fds() : opened_before(open_fds()) { }
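/*
 * Walk `dir` recursively and offer every entry that looks openable to
 * add_fd(), recording each descriptor it returns in fds[] until
 * fds_left_to_create reaches zero.
 *
 * Skipped entries: anything ignore_files() rejects, anything lstat() fails
 * on, symlinks, FIFOs, directories we neither own nor can read via the
 * group/other bits, and files with no usable read or write permission bit.
 *
 * The permission test is a heuristic built from st_uid/st_gid and the mode
 * bits (real uid/gid only; it does not look at supplementary groups or ACLs).
 * The result of add_fd() is what actually decides whether the entry is used.
 *
 * NOTE(review): the type checks are made with lstat() on the path, while the
 * open happens later, by name, inside add_fd() (not visible here). The entry
 * can be replaced in between, so the symlink skip is not a guarantee. If
 * add_fd() ends up in open(2), adding O_NOFOLLOW there would keep the skip
 * effective. Confirm against add_fd().
 */
void open_fds(char *dir)
{
	char b[4096];
	int openflag, fd, n;
	DIR *d = opendir(dir);
	struct dirent *de;
	struct stat buf;
	const char *modestr;
	unsigned int chance;

	if (!d) {
		printf("can't open %s\n", dir);
		return;
	}

	while ((de = readdir(d))) {
		/* Name-based filter, defined elsewhere (presumably ".", ".." and
		 * other entries that should never be touched). */
		if (ignore_files(de->d_name))
			continue;

		/* A truncated path would name some other file, so skip it rather
		 * than stat and open the wrong thing. */
		n = snprintf(b, sizeof(b), "%s/%s", dir, de->d_name);
		if (n < 0 || (size_t) n >= sizeof(b))
			continue;

		memset(&buf, 0, sizeof(struct stat));
		if (lstat(b, &buf) == -1)
			continue;

		if (S_ISLNK(buf.st_mode) || S_ISFIFO(buf.st_mode))
			continue;

		if (S_ISDIR(buf.st_mode)) {
			/* Not ours and not group/other readable: nothing to do. */
			if (buf.st_uid != getuid() &&
			    !(buf.st_mode & (S_IRGRP|S_IROTH)))
				continue;

			/* probability of adding a directory to the list. */
			chance = 5;
			openflag = O_RDONLY;

			/* Descend first, then offer the directory itself. */
			open_fds(b);
		} else {
			int can_read, can_write;

			/* Pick the permission triplet that applies to us. Owning the
			 * file is unlikely, since this should NOT be run as root. */
			if (buf.st_uid == getuid()) {
				can_read = (buf.st_mode & S_IRUSR) != 0;
				can_write = (buf.st_mode & S_IWUSR) != 0;
			} else if (buf.st_gid == getgid()) {
				can_read = (buf.st_mode & S_IRGRP) != 0;
				can_write = (buf.st_mode & S_IWGRP) != 0;
			} else {
				can_read = (buf.st_mode & S_IROTH) != 0;
				can_write = (buf.st_mode & S_IWOTH) != 0;
			}

			if (!can_read && !can_write)
				continue;

			/* O_RDONLY is 0 on Linux, so it cannot be tracked as a bit:
			 * the previous `openflag &= O_RDONLY` / `openflag & O_RDONLY`
			 * logic could never reach O_RDWR and opened read+write files
			 * write-only. Track the two capabilities separately instead. */
			if (can_read && can_write)
				openflag = O_RDWR;
			else if (can_write)
				openflag = O_WRONLY;
			else
				openflag = O_RDONLY;

			/* files have a higher probability of success than directories;
			 * writable files get the highest weight. */
			chance = (openflag == O_RDONLY) ? 10 : 100;
		}

		if (fds_left_to_create == 0)
			break;

		fd = add_fd(chance, b, openflag);
		if (fd == -1)
			continue;

		if (openflag == O_RDWR)
			modestr = "read-write";
		else if (openflag == O_WRONLY)
			modestr = "write-only";
		else
			modestr = "read-only";

		output("fd[%i] = %s (%s)\n", fd, b, modestr);

		/* NOTE(review): fds[] and fd_idx are declared elsewhere and nothing
		 * here checks fd_idx against the array size; presumably
		 * fds_left_to_create never exceeds the remaining capacity. Confirm. */
		fds[fd_idx++] = fd;
		fds_left_to_create--;
	}
	closedir(d);
}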
/*
 * Program entry point. Performs one-time initialisation in the parent, then
 * forks a "main" process that opens the descriptors, optionally drops
 * privileges and runs main_loop(). The parent waits for that process and for
 * the watchdog, prints the syscall statistics and exits with `ret`.
 *
 * The order of the init calls matters (see the individual comments); the
 * helpers themselves are defined elsewhere.
 */
int main(int argc, char* argv[])
{
	int ret = EXIT_SUCCESS;
	int childstatus;	/* filled in by waitpid() but never inspected below */
	pid_t pid;
	const char taskname[13]="trinity-main";	/* 12 characters + NUL */

	outputstd("Trinity " VERSION " Dave Jones <*****@*****.**>\n");

	progname = argv[0];

	initpid = getpid();

	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
	max_children = num_online_cpus;	/* possibly overridden in params. */

	set_seed(0);

	/* Select the syscall table to fuzz, depending on the architecture.
	 * The table is an array of pointers to extern struct syscallentry;
	 * each syscall has one entry, defined in its own C file under syscalls/. */
	select_syscall_tables();

	create_shm();

	/* We do this before the parse_args because --fds will need to
	 * operate on it when implemented.
	 */
	setup_fd_providers();

	parse_args(argc, argv);

	init_uids();

	change_tmp_dir();

	if (logging == TRUE)
		open_main_logfile();

	init_shm();

	/* Remember the taint state we started with so that flags already set
	 * are not attributed to this run (see the message below). */
	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0)
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");

	/* The `goto out` exits below bypass the cleanup_fds block, so the main
	 * logfile opened above is not passed to close_logfile() on these paths. */
	if (munge_tables() == FALSE) {
		ret = EXIT_FAILURE;
		goto out;
	}

	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		goto out;
	}

	init_syscalls();

	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		goto out;
	}

	/* Presumably the running-as-root check; defined elsewhere. */
	do_uid0_check();

	if (do_specific_domain == TRUE)
		find_specific_domain(specific_domain_optarg);

	setup_initial_mappings();

	parse_devices();

	pids_init();

	setup_main_signals();

	/* check if we ctrl'c or something went wrong during init. */
	if (shm->exit_reason != STILL_RUNNING)
		goto cleanup_fds;

	init_watchdog();

	/* do an extra fork so that the watchdog and the children don't share a common parent */
	fflush(stdout);	/* flush before forking so buffered output is not emitted twice */
	/* NOTE(review): a failed fork() (pid == -1) is not handled. The first
	 * waitpid() below would then wait for any child rather than the main
	 * process, and `ret` stays EXIT_SUCCESS. */
	pid = fork();
	if (pid == 0) {
		/* NOTE(review): the returned descriptor is discarded, so it is never
		 * closed or tracked, and a failure goes unnoticed. Looks like a
		 * leftover experiment; confirm whether it is intended. */
		open("/dev/video0", O_RDWR);
		shm->mainpid = getpid();

		setup_main_signals();

		output(0, "Main thread is alive.\n");
		prctl(PR_SET_NAME, (unsigned long) &taskname);
		set_seed(0);

		if (open_fds() == FALSE) {
			if (shm->exit_reason != STILL_RUNNING)
				panic(EXIT_FD_INIT_FAILURE);	/* FIXME: Later, push this down to multiple EXIT's. */

			exit_main_fail();
		}

		/* Descriptors are opened before privileges are dropped, so they are
		 * obtained with the starting credentials. Whether they stay usable
		 * afterwards depends on drop_privs(), which is not shown here. */
		if (dropprivs == TRUE)	/* FIXME: Push down into child processes later. */
			drop_privs();

		main_loop();

		shm->mainpid = 0;
		_exit(EXIT_SUCCESS);
	}

	/* wait for main loop process to exit. */
	(void)waitpid(pid, &childstatus, 0);

	/* wait for watchdog to exit. */
	waitpid(watchdog_pid, &childstatus, 0);

	output(0, "Ran %ld syscalls. Successes: %ld Failures: %ld\n",
		shm->stats.total_syscalls_done - 1, shm->stats.successes, shm->stats.failures);

cleanup_fds:

	destroy_initial_mappings();

	if (logging == TRUE)
		close_logfile(&mainlogfile);

out:

	exit(ret);
}
/*
 * Program entry point. Runs the one-time initialisation, opens the file
 * descriptors, optionally drops privileges, runs main_loop() and exits with
 * the code that set_exit_code() derives from shm->exit_reason.
 *
 * The listing modes (--syscall list, ioctl list, unannotated args) and a
 * munge_tables() failure exit early, before any syscalls are initialised.
 */
int main(int argc, char* argv[])
{
	const char proc_name[13] = "trinity-main";	/* 12 characters + NUL */
	int exit_status;

	outputstd("Trinity " VERSION " Dave Jones <*****@*****.**>\n");

	progname = argv[0];
	mainpid = getpid();

	page_size = getpagesize();
	num_online_cpus = sysconf(_SC_NPROCESSORS_ONLN);
	/* Default only; option parsing may override it. */
	max_children = num_online_cpus;

	if (init_random() == FALSE)
		exit(EXIT_FAILURE);

	select_syscall_tables();
	create_shm();

	/* The fd providers are registered ahead of parse_args() because a
	 * future --fds option will need to operate on the providers list. */
	setup_fd_providers();
	parse_args(argc, argv);

	init_uids();
	change_tmp_dir();
	init_logging();
	init_shm();

	/* Remember the taint state we started with so that flags already set
	 * are not attributed to this run (see the message below). */
	kernel_taint_initial = check_tainted();
	if (kernel_taint_initial != 0)
		output(0, "Kernel was tainted on startup. Will ignore flags that are already set.\n");

	if (munge_tables() == FALSE)
		exit(EXIT_FAILURE);

	/* Listing modes: print and leave with success. */
	if (show_syscall_list == TRUE) {
		dump_syscall_tables();
		exit(EXIT_SUCCESS);
	}
	if (show_ioctl_list == TRUE) {
		dump_ioctls();
		exit(EXIT_SUCCESS);
	}
	if (show_unannotated == TRUE) {
		show_unannotated_args();
		exit(EXIT_SUCCESS);
	}

	init_syscalls();

	/* Presumably the running-as-root check; defined elsewhere. */
	do_uid0_check();

	if (do_specific_domain == TRUE)
		find_specific_domain(specific_domain_optarg);

	pids_init();
	init_object_lists(OBJ_GLOBAL);
	setup_initial_mappings();
	parse_devices();

	/* FIXME: a better way of constructing these objects is needed. */
	create_futexes();
	create_sysv_shms();

	setup_main_signals();

	no_bind_to_cpu = RAND_BOOL();

	prctl(PR_SET_NAME, (unsigned long) &proc_name);

	if (open_fds() == FALSE) {
		/* FIXME: Later, push this down to multiple EXIT's. */
		if (shm->exit_reason != STILL_RUNNING)
			panic(EXIT_FD_INIT_FAILURE);

		_exit(EXIT_FAILURE);
	}

	/* Descriptors are opened before privileges are dropped, so they are
	 * obtained with the starting credentials. Whether they stay usable
	 * afterwards depends on drop_privs(), which is not shown here.
	 * FIXME: Push down into child processes later. */
	if (dropprivs == TRUE)
		drop_privs();

	main_loop();

	destroy_global_objects();

	output(0, "Ran %ld syscalls. Successes: %ld Failures: %ld\n",
		shm->stats.total_syscalls_done - 1,
		shm->stats.successes,
		shm->stats.failures);

	shutdown_logging();

	exit_status = set_exit_code(shm->exit_reason);
	exit(exit_status);
}