struct cleanup * maybe_disable_address_space_randomization (int disable_randomization) { int personality_orig = 0; int personality_set = 0; #ifdef HAVE_PERSONALITY if (disable_randomization) { errno = 0; personality_orig = personality (0xffffffff); if (errno == 0 && !(personality_orig & ADDR_NO_RANDOMIZE)) { personality_set = 1; personality (personality_orig | ADDR_NO_RANDOMIZE); } if (errno != 0 || (personality_set && !(personality (0xffffffff) & ADDR_NO_RANDOMIZE))) warning (_("Error disabling address space randomization: %s"), safe_strerror (errno)); } #endif /* HAVE_PERSONALITY */ return make_disable_asr_cleanup (personality_set, personality_orig); }
/** * This function configures the process for recording/replay. In particular: * (1) address space randomization is disabled * (2) rdtsc is disabled */ static void set_up_process() { /* disable address space randomization */ int orig_pers; if (0 > (orig_pers = personality(0xffffffff))) { fatal("error getting personaity"); } if (0 > personality(orig_pers | ADDR_NO_RANDOMIZE)) { fatal("error disabling randomization"); } if (0 > prctl(PR_SET_TSC, PR_TSC_SIGSEGV, 0, 0, 0)) { fatal("error setting up prctl -- bailing out"); } /* If rr goes down, there's nothing more useful we can do. * Time for seppuku. * * XXX the tracee can reset or change this ...*/ if (0 > prctl(PR_SET_PDEATHSIG, SIGKILL)) { fatal("Couldn't set parent-death signal"); } /* XXX is it faster to mask off a CPU affinity when this * process is the only intensive one in the system? */ }
static void __initialize_personality() { #if !defined(__LP64__) int old_value = personality(0xffffffff); if (old_value == -1) { __libc_fatal("error getting old personality value: %s", strerror(errno)); } if (personality((static_cast<unsigned int>(old_value) & ~PER_MASK) | PER_LINUX32) == -1) { __libc_fatal("error setting PER_LINUX32 personality: %s", strerror(errno)); } #endif }
static int set_personality(unsigned long mask) { unsigned long per; per = personality(0xffffffff) | mask; logger(3, 0, "Set personality %#10.8lx", per); if (personality(per) == -1) { logger(-1, errno, "Unable to set personality PER_LINUX32"); return -1; } return 0; }
static int set_personality(unsigned long mask) { unsigned long per; per = personality(0xffffffff) | mask; printf("Set personality %#10.8lx", per); if (personality(per) == -1) { perror("Unable to set personality PER_LINUX32"); return -1; } return 0; }
SYSCALL_DEFINE1(sparc64_personality, unsigned long, personality) { int ret; if (personality(current->personality) == PER_LINUX32 && personality(personality) == PER_LINUX) personality |= PER_LINUX32; ret = sys_personality(personality); if (personality(ret) == PER_LINUX32) ret &= ~PER_LINUX32; return ret; }
int main(int ac, char **av) { int lc; /* loop counter */ char *msg; /* message returned from parse_opts */ int start_pers; /* parse standard options */ if ((msg = parse_opts(ac, av, (option_t *)NULL, NULL)) != (char *)NULL){ tst_brkm(TBROK, cleanup, "OPTION PARSING ERROR - %s", msg); } setup(); /* global setup */ start_pers = personality(PER_LINUX); if (start_pers == -1) { printf("personality01: Test Failed\n"); exit(-1); } /* The following checks the looping state if -i option given */ for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping */ Tst_count = 0; TEST(personality(PER_BAD)); if (TEST_RETURN != 0) { tst_brkm(TFAIL, cleanup, "call failed - errno = %d " "- %s", TEST_ERRNO, strerror(TEST_ERRNO)); } else { tst_resm(TPASS, "call to personality() with a " "bad personality passed"); } TEST_ERROR_LOG(TEST_ERRNO); /* * set our personality back to PER_LINUX */ if (personality(start_pers) == -1) { tst_brkm(TBROK, cleanup, "personality reset failed"); } } cleanup(); /*NOTREACHED*/ return(0); }
// --------------------------------------------------------------------------- void disable_aslr() { if(personality(ADDR_NO_RANDOMIZE) == -1) { log("{red}Could not turn off ASLR: %s{/red}", strerror(errno)); } else { log("ASLR turned off successfully"); } }
// TODO: move into r_util? r_run_... ? with the rest of funcs? static void setASLR(int enabled) { #if __linux__ #define RVAS "/proc/sys/kernel/randomize_va_space" if (enabled) { system ("echo 2 > "RVAS); } else { #if __ANDROID__ system ("echo 0 > "RVAS); #else #ifdef ADDR_NO_RANDOMIZE if (personality (ADDR_NO_RANDOMIZE) == -1) #endif system ("echo 0 > "RVAS); #endif } #elif __APPLE__ // TOO OLD setenv ("DYLD_NO_PIE", "1", 1); // disable this because its //eprintf ("Patch mach0.hdr.flags with:\n" // "f MH_PIE=0x00200000; wB-MH_PIE @ 24\n"); // for osxver>=10.7 // "unset the MH_PIE bit in an already linked executable" with --no-pie flag of the script // the right way is to disable the aslr bit in the spawn call #else // not supported for this platform #endif }
static struct exec_domain * lookup_exec_domain(u_long personality) { struct exec_domain * ep; u_long pers = personality(personality); read_lock(&exec_domains_lock); for (ep = exec_domains; ep; ep = ep->next) { if (pers >= ep->pers_low && pers <= ep->pers_high) if (try_module_get(ep->module)) goto out; } #ifdef CONFIG_KMOD read_unlock(&exec_domains_lock); request_module("personality-%ld", pers); read_lock(&exec_domains_lock); for (ep = exec_domains; ep; ep = ep->next) { if (pers >= ep->pers_low && pers <= ep->pers_high) if (try_module_get(ep->module)) goto out; } #endif ep = &default_exec_domain; out: read_unlock(&exec_domains_lock); return (ep); }
int setarch_main(int argc ATTRIBUTE_UNUSED, char **argv) { int pers = -1; /* Figure out what personality we are supposed to switch to ... * we can be invoked as either: * argv[0],argv[1] -> "setarch","personality" * argv[0] -> "personality" */ retry: if (argv[0][5] == '6') /* linux64 */ pers = PER_LINUX; else if (argv[0][5] == '3') /* linux32 */ pers = PER_LINUX32; else if (pers == -1 && argv[1] != NULL) { pers = PER_LINUX32; ++argv; goto retry; } /* make user actually gave us something to do */ ++argv; if (argv[0] == NULL) bb_show_usage(); /* Try to set personality */ if (personality(pers) >= 0) { /* Try to execute the program */ BB_EXECVP(argv[0], argv); } bb_simple_perror_msg_and_die(argv[0]); }
SYSCALL_DEFINE1(arm64_personality, unsigned int, personality) { if (personality(personality) == PER_LINUX32 && !system_supports_32bit_el0()) return -EINVAL; return ksys_personality(personality); }
int main(void) { int ret; struct stat fstat; ret = personality(PER_SVR4); if (ret == -1) { fprintf(stderr, "Unable to set personality!\n"); return 3; } fprintf(stdout, " [+] Personality set to: PER_SVR4\n"); if (stat(PULSEAUDIO_PATH, &fstat)) { fprintf(stderr, "Pulseaudio does not exist!\n"); return 3; } if (!(fstat.st_mode & S_ISUID) || fstat.st_uid != 0) { fprintf(stderr, "Pulseaudio is not suid root!\n"); return 3; } execl(PULSEAUDIO_PATH, PULSEAUDIO_PATH, "--log-level=0", "-L", PATH_TO_EXPLOIT, NULL); return 3; }
int do_test_misc(const char *test_parm) { (void) test_parm; char buf[BSIZE]; int rc; test_check_eq(getpagesize(),4096); test_check_eq(personality(0xffffffff), 0); { struct utsname phantom_uname; test_check_eq(uname(&phantom_uname), 0); printf("uland: uname sys '%s'\n\tnode %s\n\trel %s\n\tver %s\n\tmachine %s\n\tdomain %s\n", phantom_uname.sysname, phantom_uname.nodename, phantom_uname.release, phantom_uname.version, phantom_uname.machine, phantom_uname.domainname ); } rc = gethostname(buf, BSIZE); test_check_ge(rc,0); printf("uland: hostname %s\n", buf ); return 0; }
int main(int ac, char **av) { int leaked; leaked = dump_uts(); if (leaked) { printf("Leaked %d bytes even without UNAME26!?\n", leaked); return 1; } if (personality(PER_LINUX | UNAME26) < 0) { perror("personality"); exit(1); } leaked = dump_uts(); if (leaked) { printf("Leaked %d bytes!\n", leaked); return 1; } else { printf("Seems safe.\n"); return 0; } }
// TODO: move into r_util? r_run_... ? with the rest of funcs? static void setASLR(RRunProfile *r, int enabled) { #if __linux__ if (enabled) { setRVA ("2\n"); } else { #if __ANDROID__ setRVA ("0\n"); #else #if HAVE_DECL_ADDR_NO_RANDOMIZE if (personality (ADDR_NO_RANDOMIZE) == -1) { #endif setRVA ("0\n"); } #endif } #elif __APPLE__ // TOO OLD setenv ("DYLD_NO_PIE", "1", 1); // disable this because its const char *argv0 = r->_system ? r->_system : r->_program ? r->_program : r->_args[0] ? r->_args[0] : "/path/to/exec"; eprintf ("To disable aslr patch mach0.hdr.flags with:\n" "r2 -qwnc 'wx 000000 @ 0x18' %s\n", argv0); // f MH_PIE=0x00200000; wB-MH_PIE @ 24\n"); // for osxver>=10.7 // "unset the MH_PIE bit in an already linked executable" with --no-pie flag of the script // the right way is to disable the aslr bit in the spawn call #else // not supported for this platform #endif }
CfgMgrBldr::CfgMgrBldr() : doc(nullptr), volatile_doc(nullptr), r(false) { TiXmlBase::SetCondenseWhiteSpace(false); wxString personality(Manager::Get()->GetPersonalityManager()->GetPersonality()); if (personality.StartsWith(_T("http://"))) { SwitchToR(personality); return; } cfg = FindConfigFile(personality + _T(".conf")); if (cfg.IsEmpty()) { #ifdef __WINDOWS__ cfg = GetPortableConfigDir() + wxFILE_SEP_PATH + personality + _T(".conf"); #else cfg = wxStandardPathsBase::Get().GetUserDataDir() + wxFILE_SEP_PATH + personality + _T(".conf"); #endif doc = new TiXmlDocument(); doc->InsertEndChild(TiXmlDeclaration("1.0", "UTF-8", "yes")); doc->InsertEndChild(TiXmlElement("CodeBlocksConfig")); doc->FirstChildElement("CodeBlocksConfig")->SetAttribute("version", CfgMgrConsts::version); return; } SwitchTo(cfg); }
static struct exec_domain * lookup_exec_domain(unsigned int personality) { unsigned int pers = personality(personality); struct exec_domain *ep; read_lock(&exec_domains_lock); for (ep = exec_domains; ep; ep = ep->next) { if (pers >= ep->pers_low && pers <= ep->pers_high) if (try_module_get(ep->module)) goto out; } #ifdef CONFIG_MODULES read_unlock(&exec_domains_lock); request_module("personality-%d", pers); read_lock(&exec_domains_lock); for (ep = exec_domains; ep; ep = ep->next) { if (pers >= ep->pers_low && pers <= ep->pers_high) if (try_module_get(ep->module)) goto out; } #endif ep = &default_exec_domain; out: read_unlock(&exec_domains_lock); return ep; }
CfgMgrBldr::CfgMgrBldr() : doc(nullptr), volatile_doc(nullptr), r(false) { ConfigManager::MigrateFolders(); TiXmlBase::SetCondenseWhiteSpace(false); wxString personality(Manager::Get()->GetPersonalityManager()->GetPersonality()); if (personality.StartsWith(_T("http://"))) { SwitchToR(personality); return; } cfg = FindConfigFile(personality + _T(".conf")); if (cfg.IsEmpty()) { cfg = ConfigManager::GetConfigFolder() + wxFILE_SEP_PATH + personality + _T(".conf"); doc = new TiXmlDocument(); doc->InsertEndChild(TiXmlDeclaration("1.0", "UTF-8", "yes")); doc->InsertEndChild(TiXmlElement("CodeBlocksConfig")); doc->FirstChildElement("CodeBlocksConfig")->SetAttribute("version", CfgMgrConsts::version); return; } SwitchTo(cfg); }
static int c_show(struct seq_file *m, void *v) { int i, j; bool compat = personality(current->personality) == PER_LINUX32; for_each_online_cpu(i) { struct cpuinfo_arm64 *cpuinfo = &per_cpu(cpu_data, i); u32 midr = cpuinfo->reg_midr; /* * glibc reads /proc/cpuinfo to determine the number of * online processors, looking for lines beginning with * "processor". Give glibc what it expects. */ seq_printf(m, "processor\t: %d\n", i); if (compat) seq_printf(m, "model name\t: ARMv8 Processor rev %d (%s)\n", MIDR_REVISION(midr), COMPAT_ELF_PLATFORM); seq_printf(m, "BogoMIPS\t: %lu.%02lu\n", loops_per_jiffy / (500000UL/HZ), loops_per_jiffy / (5000UL/HZ) % 100); /* * Dump out the common processor features in a single line. * Userspace should read the hwcaps with getauxval(AT_HWCAP) * rather than attempting to parse this, but there's a body of * software which does already (at least for 32-bit). */ seq_puts(m, "Features\t:"); if (compat) { #ifdef CONFIG_COMPAT for (j = 0; compat_hwcap_str[j]; j++) if (compat_elf_hwcap & (1 << j)) seq_printf(m, " %s", compat_hwcap_str[j]); for (j = 0; compat_hwcap2_str[j]; j++) if (compat_elf_hwcap2 & (1 << j)) seq_printf(m, " %s", compat_hwcap2_str[j]); #endif /* CONFIG_COMPAT */ } else { for (j = 0; hwcap_str[j]; j++) if (elf_hwcap & (1 << j)) seq_printf(m, " %s", hwcap_str[j]); } seq_puts(m, "\n"); seq_printf(m, "CPU implementer\t: 0x%02x\n", MIDR_IMPLEMENTOR(midr)); seq_printf(m, "CPU architecture: 8\n"); seq_printf(m, "CPU variant\t: 0x%x\n", MIDR_VARIANT(midr)); seq_printf(m, "CPU part\t: 0x%03x\n", MIDR_PARTNUM(midr)); seq_printf(m, "CPU revision\t: %d\n\n", MIDR_REVISION(midr)); } return 0; }
/* * 20.12.91 - time began. Got VM working yesterday by doing this by hand. * * Usage: mkswap [-c] [-vN] [-f] device [size-in-blocks] * * -c for readability checking. (Use it unless you are SURE!) * -vN for swap areas version N. (Only N=0,1 known today.) * -f for forcing swap creation even if it would smash partition table. * * The device may be a block device or an image of one, but this isn't * enforced (but it's not much fun on a character device :-). * * Patches from [email protected] (Mike Jagdis) to make the * size-in-blocks parameter optional added Wed Feb 8 10:33:43 1995. * * Version 1 swap area code (for kernel 2.1.117), aeb, 981010. * * Sparc fixes, [email protected] (Jakub Jelinek), 981201 - mangled by aeb. * V1_MAX_PAGES fixes, jj, 990325. * sparc64 fixes, jj, 000219. * * 1999-02-22 Arkadiusz Miśkiewicz <*****@*****.**> * - added Native Language Support * */ #include <stdio.h> #include <unistd.h> #include <string.h> #include <fcntl.h> #include <stdlib.h> #include <limits.h> #include <mntent.h> #include <sys/utsname.h> #include <sys/stat.h> #include <errno.h> #include <getopt.h> #ifdef HAVE_LIBSELINUX #include <selinux/selinux.h> #include <selinux/context.h> #endif #include "linux_version.h" #include "swapheader.h" #include "strutils.h" #include "nls.h" #include "blkdev.h" #include "pathnames.h" #include "wholedisk.h" #include "all-io.h" #include "xalloc.h" #include "c.h" #include "closestream.h" #include "ismounted.h" #ifdef HAVE_LIBUUID # include <uuid.h> #endif #ifdef HAVE_LIBBLKID # include <blkid.h> #endif static char *device_name = NULL; static int DEV = -1; static unsigned long long PAGES = 0; static unsigned long badpages = 0; static int check = 0; #define SELINUX_SWAPFILE_TYPE "swapfile_t" #ifdef __sparc__ # ifdef __arch64__ # define is_sparc64() 1 # define is_be64() 1 # else /* sparc32 */ static int is_sparc64(void) { struct utsname un; static int sparc64 = -1; if (sparc64 != -1) return sparc64; sparc64 = 0; if (uname(&un) < 0) return 0; if (! strcmp(un.machine, "sparc64")) { sparc64 = 1; return 1; } if (strcmp(un.machine, "sparc")) return 0; /* Should not happen */ #ifdef HAVE_PERSONALITY { extern int personality(unsigned long); int oldpers; #define PERS_LINUX 0x00000000 #define PERS_LINUX_32BIT 0x00800000 #define PERS_LINUX32 0x00000008 oldpers = personality(PERS_LINUX_32BIT); if (oldpers != -1) { if (personality(PERS_LINUX) != -1) { uname(&un); if (! strcmp(un.machine, "sparc64")) { sparc64 = 1; oldpers = PERS_LINUX32; } } personality(oldpers); } } #endif return sparc64; }
int main(int ac, char **av) { int lc; int start_pers; tst_parse_opts(ac, av, NULL, NULL); setup(); /* global setup */ start_pers = personality(PER_LINUX); if (start_pers == -1) { printf("personality01: Test Failed\n"); exit(1); } /* The following checks the looping state if -i option given */ for (lc = 0; TEST_LOOPING(lc); lc++) { /* reset tst_count in case we are looping */ tst_count = 0; TEST(personality(PER_BAD)); if (TEST_RETURN != 0) { tst_brkm(TFAIL, cleanup, "call failed - errno = %d " "- %s", TEST_ERRNO, strerror(TEST_ERRNO)); } else { tst_resm(TPASS, "call to personality() with a " "bad personality passed"); } /* * set our personality back to PER_LINUX */ if (personality(start_pers) == -1) { tst_brkm(TBROK, cleanup, "personality reset failed"); } } cleanup(); tst_exit(); }
SYSCALL_DEFINE1(uname, struct new_utsname __user *, name) { int err; down_read(&uts_sem); err = copy_to_user(name, utsname(), sizeof(*name)); up_read(&uts_sem); if (personality(current->personality) == PER_LINUX32) err |= copy_to_user(&name->machine, "i686", 5); return err ? -EFAULT : 0; }
asmlinkage long sys_uname(struct new_utsname __user * name) { int err; down_read(&uts_sem); err = copy_to_user(name, &system_utsname, sizeof (*name)); up_read(&uts_sem); if (personality(current->personality) == PER_LINUX32) err |= copy_to_user(&name->machine, "i686", 5); return err ? -EFAULT : 0; }
static void restore_personality (void *arg) { int personality_orig = (int) (uintptr_t) arg; errno = 0; personality (personality_orig); if (errno != 0) warning (_("Error restoring address space randomization: %s"), safe_strerror (errno)); }
int safe_personality(const char *filename, unsigned int lineno, unsigned long persona) { int prev_persona = personality(persona); if (prev_persona < 0) { tst_brk_(filename, lineno, TBROK | TERRNO, "persona(%ld) failed", persona); } return prev_persona; }
TEST(sys_personality, current_persona) { int persona = personality(0xffffffff) & PER_MASK; #if defined(__BIONIC__) #if defined(__LP64__) ASSERT_EQ(PER_LINUX, persona); #else ASSERT_EQ(PER_LINUX32, persona); #endif #else // GLIBC does not set persona prior process startup - it is always PER_LINUX; ASSERT_EQ(PER_LINUX, persona); #endif }
// Referencing include/uapi/linux/personality.h // PER_LINUX = 0x0000, // PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, // PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, // PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, // PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, // PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | // WHOLE_SECONDS | SHORT_INODE, // PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, // PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, // PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, // PER_BSD = 0x0006, // PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, // PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, // PER_LINUX32 = 0x0008, // PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, // PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ // PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ // PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ // PER_RISCOS = 0x000c, // PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, // PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, // PER_OSF4 = 0x000f, /* OSF/1 v4 */ // PER_HPUX = 0x0010, // PER_MASK = 0x00ff, void try_personality() { int ret; if ( -1 < ( ret = personality( 0x1234 ) ) ) { printf( "Personality: 0x%x\n", ret ); // getchar(); } ELSE_PRINT_ERROR if ( -1 < ( ret = personality( PER_LINUX32_3GB ) ) ) { printf( "Personality: 0x%x\n", ret ); // getchar(); } ELSE_PRINT_ERROR if ( -1 < ( ret = personality( PER_LINUX ) ) ) { printf( "Personality: 0x%x\n", ret ); // getchar(); } ELSE_PRINT_ERROR }
int main(int ac, char **av) { if (!av[1]) { fprintf(stderr, "Usage: uname26 program ...\n" "Run program with the uname 2.6 personality\n"); exit(1); } if (personality(PER_LINUX | UNAME26) < 0) perror("personality"), exit(1); execvp(av[1], av + 1); fprintf(stderr, "Cannot execute %s: %s\n", av[1], strerror(errno)); exit(1); }
TEST(sys_personality, current_persona) { int persona = personality(0xffffffff) & PER_MASK; #if defined(__BIONIC__) // When personality syscall is executed on mips64, for a 32bit process // sys_32_personality() is called, which converts PER_LINUX32 -> PER_LINUX #if defined(__LP64__) || (__mips==32 && __mips_isa_rev>2) ASSERT_EQ(PER_LINUX, persona); #else ASSERT_EQ(PER_LINUX32, persona); #endif #else // GLIBC does not set persona prior process startup - it is always PER_LINUX; ASSERT_EQ(PER_LINUX, persona); #endif }