GithubHelp home page GithubHelp logo

adtac / fssb Goto Github PK

View Code? Open in Web Editor NEW
396.0 26.0 45.0 55 KB

A filesystem sandbox for Linux using syscall intercepts.

License: GNU General Public License v3.0

Makefile 0.63% C 88.41% Shell 0.79% Python 10.17%
linux filesystem sandbox c

fssb's Issues

tests are not working on my system

I cloned the repo, ran make, and then ./launch_tests.sh. I got this output:

[steven@lzyrbt tests]$ sudo ./launch_tests.sh
Removing all /tmp/fssb-*
Launching tests
Launching test on test_no_syscalls
fssb: child exited with 0
fssb: sandbox directory: /tmp/fssb-1/
Launching check on test_no_syscalls
Assert in line 84 passed: check_no_syscalls
Launching test on test_save_empty_file
fssb: child exited with 0
fssb: sandbox directory: /tmp/fssb-2/
Launching check on test_save_empty_file
Assert in line 108 failed: check_save_empty_file
args = ('', '/tmp/fssb-2/f61bd54ddf9c9dce6076a3c8a7892e49 = save_empty_file\n')
kwargs = {}
            '{} = {}\n'.format(empty_file_path, empty_file_name)

Traceback (most recent call last):
  File "./tests.py", line 145, in <module>
    main()
  File "./tests.py", line 134, in main
    test_check()
  File "./tests.py", line 110, in check_save_empty_file
    _assert(operator.eq, open(empty_file_path).read(), '')
IOError: [Errno 2] No such file or directory: '/tmp/fssb-2/f61bd54ddf9c9dce6076a3c8a7892e49'

I then compiled the code below as main.cpp:

#include <cstdio>

int main() {
    freopen("myfile.txt", "w", stdout);
    printf("Hello world\n");
}

I added printf statements in handle_syscalls in fssb.c. In the switch statement, I printed the current syscall (and relevant variables like pathname). I ran fssb on ./main and got:

[steven@lzyrbt tests]$ ../fssb -m -- ./main
handling syscall = SYS_access with pathname = /etc/ld.so.preload
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/tls/haswell/x86_64
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/tls/haswell
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/tls/x86_64
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/tls
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/haswell/x86_64
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/haswell
handling syscall = SYS_stat
handling syscall = SYS_lstat
handling syscall = SYS_access with pathname = /usr/lib/x86_64
handling syscall = SYS_exit_group
fssb: child exited with 0
fssb: sandbox directory: /tmp/fssb-3/

In addition, the file tests/myfile.txt was created and it contains "Hello world\n"

What is going on?

error make

root@aksus:~/fssb# make
cc -c -o fssb.o fssb.c
fssb.c: In function ‘handle_syscalls’:
fssb.c:73:9: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
for(int i = 0; i < 6; i++)
^
fssb.c:73:9: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code

yes, openssl is istalled, debian 8

subprocess's syscalls are not limited in fssb so that escape may happen 

#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

int main(){
	pid_t pid;
	pid = fork();
	printf("pid: %d\n",pid);
	if(pid==0){
		puts("hello?");
		open("fuck.txt", O_CREAT, 0666);
	}
	return 0;
}

As we can see, we create an escaped file by using subprocess to operate files.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.