Mercurial > repo
comparison paste/paste.16022 @ 169:cc236fe22acf
<elliott> pastelogs weboflies
| author | HackBot |
|---|---|
| date | Wed, 04 Apr 2012 03:25:39 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 168:2963a3f65111 | 169:cc236fe22acf |
|---|---|
| 1 2011-11-03.txt:19:57:23: <ais523\unfoog> Vorpal: weboflies | |
| 2 2011-11-03.txt:20:05:45: <Vorpal> ais523\unfoog, how much of a FPS drop do you get from weboflies typically with opengl stuff? | |
| 3 2011-11-03.txt:20:06:16: <ais523\unfoog> the joyous thing is, that weboflies only has a performance penalty on syscalls | |
| 4 2011-11-03.txt:20:25:25: <ais523\unfoog> gcc -o weboflies -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng | |
| 5 2011-11-03.txt:20:26:40: <ais523\unfoog> weboflies has a command line | |
| 6 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1910:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’ | |
| 7 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1913:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’ | |
| 8 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1928:21: error: ‘struct user_regs_struct’ has no member named ‘ecx’ | |
| 9 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1931:22: error: ‘struct user_regs_struct’ has no member named ‘esi’ | |
| 10 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1932:44: error: ‘struct user_regs_struct’ has no member named ‘esi’ | |
| 11 2011-11-03.txt:20:28:56: <elliott> weboflies.c:1934:22: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’ | |
| 12 2011-11-03.txt:20:28:58: <elliott> weboflies.c:1940:22: error: ‘struct user_regs_struct’ has no member named ‘esi’ | |
| 13 2011-11-03.txt:20:29:00: <elliott> weboflies.c:1944:70: error: ‘struct user_regs_struct’ has no member named ‘esi’ | |
| 14 2011-11-03.txt:20:29:02: <elliott> weboflies.c:1950:20: error: ‘struct user_regs_struct’ has no member named ‘esi’ | |
| 15 2011-11-03.txt:20:29:04: <elliott> weboflies.c:1978:16: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’ | |
| 16 2011-11-03.txt:20:29:06: <elliott> weboflies.c:2002:20: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’ | |
| 17 2011-11-03.txt:20:32:40: <ais523\unfoog> this is how weboflies has genuinely caused filesystem leaks in the past | |
| 18 2011-11-03.txt:20:33:48: <ais523\unfoog> but weboflies' processes are often quite hard to get rid of | |
| 19 2011-11-03.txt:20:56:55: <ais523\unfoog> the weboflies core, which I'm writing at the moment, would need to be connected to some sort of interface to actually read it | |
| 20 2011-11-03.txt:22:03:49: <elliott> [elliott@dinky weboflies]$ find . | |
| 21 2011-11-03.txt:22:03:49: <elliott> ./weboflies.c | |
| 22 2011-11-03.txt:22:04:09: <Vorpal> ./weboflies.c | |
| 23 2011-11-03.txt:22:04:10: <Vorpal> ./weboflies | |
| 24 2011-11-03.txt:22:30:15: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh | |
| 25 2011-11-03.txt:22:30:39: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh | |
| 26 2011-11-03.txt:22:30:39: <elliott> ldd: warning: you do not have execution permission for `/home/elliott/Code/weboflies/build.sh' | |
| 27 2011-11-04.txt:03:55:25: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls | |
| 28 2011-11-04.txt:03:55:25: <elliott> = WARNING: mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0): No such file or directory | |
| 29 2011-11-04.txt:03:57:54: <elliott> ewarn(mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0)); | |
| 30 2011-11-04.txt:03:59:10: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls | |
| 31 2011-11-04.txt:09:48:01: <elliott> note: it was "sudo ./weboflies true"; true is 64-bit, but I tried it on Web of Lies itself and it still failed, so I suspect it's a generic problem | |
| 32 2011-11-04.txt:09:48:13: <elliott> weboflies isn't suid :) | |
| 33 2011-11-04.txt:09:57:39: <elliott> ais523: I could run weboflies under gd... what am I saying, of course I can't | |
| 34 2011-11-04.txt:09:58:18: <elliott> [elliott@dinky weboflies]$ sudo gdb ./weboflies | |
| 35 2011-11-04.txt:10:02:29: <elliott_> i killed the gdb'd weboflies | |
| 36 2011-11-04.txt:10:03:25: <ais523> this is weboflies! | |
| 37 2011-11-04.txt:10:03:51: <ais523> (note that a kill -9 on weboflies itself is nearly always a bad idea) | |
| 38 2011-11-04.txt:10:05:30: <elliott_> [elliott@dinky weboflies]$ sudo ./weboflies true | |
| 39 2011-11-04.txt:10:05:34: <elliott_> 781 pts/0 00:00:00 weboflies | |
| 40 2011-11-04.txt:10:05:34: <elliott_> 782 pts/1 00:00:00 weboflies | |
| 41 2011-11-04.txt:10:05:35: <elliott_> 783 pts/1 00:00:00 weboflies | |
| 42 2011-11-04.txt:10:05:46: <elliott_> [elliott@dinky weboflies]$ ls -l /proc | grep 783 | |
| 43 2011-11-04.txt:10:06:04: <elliott_> [elliott@dinky weboflies]$ ls -l /proc/783/fd | |
| 44 2011-11-04.txt:10:06:09: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/783/fd | |
| 45 2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/781{,/fd} | |
| 46 2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/782{,/fd} | |
| 47 2011-11-04.txt:10:08:19: <elliott_> [elliott@dinky weboflies]$ ls /proc/self/fd | |
| 48 2011-11-04.txt:10:08:27: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/self{,/fd} | |
| 49 2011-11-04.txt:10:08:50: <elliott_> [elliott@dinky weboflies]$ ls -ldH /proc/self{,/fd} | |
| 50 2011-11-04.txt:10:12:55: <elliott_> I was thinking weboflies could chown its /proc/blah/fd before dropping perms :) | |
| 51 2011-11-04.txt:10:17:06: <elliott_> [elliott@dinky weboflies]$ /bin/true --help | |
| 52 2011-11-04.txt:10:18:58: <elliott_> ais523: any ideas wrt weboflies? | |
| 53 2011-11-04.txt:19:34:17: <ais523> (that's for the syscall getdents; you're not supposed to use it directly, rather using a wrapper, but you can do a few things with it that you can't via the wrapper, such as listing amazingly large directories, and ofc weboflies is at the receiving end of syscalls so it has to understand getdents, not the libc equivalents) | |
| 54 2011-11-04.txt:19:38:11: <elliott_> gcc -o weboflies -m32 -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng | |
| 55 2011-11-04.txt:19:48:37: <ais523> I think it's only just new enough to run weboflies, which requires something along the lines of 2.6.30 | |
| 56 2011-11-04.txt:19:54:41: <ais523> actually, I think weboflies does connect to a pty | |
| 57 2011-11-05.txt:18:18:37: <ais523> basically, there are three processes: weboflies, fakeinit, process under test | |
| 58 2011-11-05.txt:18:18:50: <ais523> weboflies forks fakeinit as root; fakeinit forks the process after dropping perms, so as nonroot | |
| 59 2011-11-05.txt:18:19:36: <ais523> and weboflies then can't read the process under test's perms on any computers but mine | |
| 60 2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7583{,/fd} | |
| 61 2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7584{,/fd} | |
| 62 2011-11-05.txt:18:50:35: <ais523> CLONE_PTRACE basically means "debugged-ness propagates over the clone"; weboflies injects it into other process's clone calls | |
| 63 2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7739{,/fd} | |
| 64 2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7740{,/fd} | |
| 65 2011-11-05.txt:18:54:54: <ais523> elliott: OK, so now we have to figure out what weboflies is doing differently | |
| 66 2011-11-05.txt:18:57:00: <elliott> ais523: am i meant to be reading weboflies.c here, or are you? :-) | |
| 67 2011-11-05.txt:18:58:37: <Phantom_Hoover> What does weboflies do? | |
| 68 2011-11-05.txt:19:40:44: <elliott> ais523: any ideas about weboflies? | |
| 69 2011-11-05.txt:19:46:35: <ais523> such a pity that weboflies repels debuggers | |
| 70 2011-11-05.txt:20:00:17: <elliott> [elliott@dinky Temp]$ qemu-img create weboflies.qemu2 4G | |
| 71 2011-11-05.txt:20:00:17: <elliott> Formatting 'weboflies.qemu2', fmt=raw size=4294967296 | |
| 72 2011-11-05.txt:20:00:17: <elliott> -rw-r--r-- 1 elliott users 4.0G Nov 5 19:59 weboflies.qemu2 | |
| 73 2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ qemu-img create -f qcow2 weboflies.qcow2 4G | |
| 74 2011-11-05.txt:20:00:36: <elliott> Formatting 'weboflies.qcow2', fmt=qcow2 size=4294967296 encryption=off cluster_size=65536 | |
| 75 2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ ls -lh weboflies.qcow2 | |
| 76 2011-11-05.txt:20:00:36: <elliott> -rw-r--r-- 1 elliott users 193K Nov 5 19:59 weboflies.qcow2 | |
| 77 2011-11-05.txt:20:00:54: <ais523> for some weboflies test, I was using a sparse ext4 | |
| 78 2011-11-05.txt:21:42:05: <elliott> [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2 -cdrom ~/Downloads/archlinux-2011.08.19-netinstall-i686.iso -boot c | |
| 79 2011-11-05.txt:22:59:04: <elliott> ais523: weboflies would work in Xen, right? | |
| 80 2011-11-05.txt:23:02:20: <elliott> ais523: [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2man -net nic -net user,hostfwd=tcp::2222:22 | |
| 81 2011-11-05.txt:23:46:03: <ais523> elliott: well, weboflies works just /fine/ inside the VM | |
| 82 2011-11-05.txt:23:49:02: <ais523> hmm, I just tried running weboflies on su, to see what would happen | |
| 83 2011-11-05.txt:23:53:33: <ais523> and this is running 32-bit su, as weboflies only runs 32-bit programs | |
| 84 2011-11-05.txt:23:54:21: <ais523> elliott: anyway, if you want to run weboflies, now you have a VM it works in ;) | |
| 85 2011-11-05.txt:23:58:10: <elliott> ais523: I did (weboflies) | |
| 86 2011-11-14.txt:22:29:52: <elliott> ais523: hmm, weboflies-related question: can you use a new filesystem namespace as a chroot? | |
| 87 2011-11-14.txt:22:30:52: <ais523> but I've never dared call it from inside weboflies, because I'm not quite that crazy | |
| 88 2011-12-15.txt:19:45:13: <elliott> ais523: but how will you calculate weboflies' eigenratio? | |
| 89 2011-12-15.txt:19:49:47: <ais523> elliott: heh, I have to keep remembering to check EFAULT in weboflies | |
| 90 2011-12-15.txt:19:55:04: <elliott> Vorpal: /proc/<pid>/fd failed to stop being owned by root on weboflies' complicated permissions drop | |
| 91 2012-01-08.txt:14:52:28: <elliott> Yes, so does weboflies. | |
| 92 2012-03-04.txt:19:22:45: <ais523> should be secure against non-malicious accidents; it just increases the attack surface somewhat for people trying to exploit suid weboflies, or whatever, and who'd be mad enough to suid it? | |
| 93 2012-03-04.txt:19:26:42: <ais523> suiding weboflies? | |
| 94 2012-03-04.txt:19:41:04: <ais523> that's exactly what I was doing with the fake framebuffer in weboflies anyway | |
| 95 2012-03-04.txt:19:47:47: <elliott> anyway, I don't see why weboflies couldn't just pretend to the running program that it's root | |
| 96 2012-03-04.txt:19:49:55: <ais523> $ sudo ./weboflies ls /dev/input | |
| 97 2012-03-04.txt:19:51:02: <ais523> $ sudo ./weboflies Xvfb :1 | |
| 98 2012-03-04.txt:19:55:32: <ais523> elliott: that's what weboflies does do on unknown syscalls | |
| 99 2012-03-04.txt:19:56:26: <elliott> <ais523> elliott: that's what weboflies does do on unknown syscalls | |
| 100 2012-03-04.txt:20:06:44: <ais523> ais523@desert:~/weboflies$ ln -s Xvfb_screen0 /tmp/Xvfb_screen0.xwd | |
| 101 2012-03-04.txt:20:06:45: <ais523> ais523@desert:~/weboflies$ convert /tmp/Xvfb_screen0.xwd /tmp/t.png | |
| 102 2012-03-04.txt:20:06:47: <ais523> ais523@desert:~/weboflies$ eog /tmp/t.png | |
| 103 2012-03-04.txt:20:06:57: <ais523> so Xvfb is definitely working outside weboflies | |
| 104 2012-03-05.txt:15:05:03: <ais523> I was trying to figure out htf a process inside weboflies could detect X outside it, apparently that was how | |
| 105 2012-03-05.txt:15:06:39: <ais523> do weboflies nc localhost 9999, and you get an error message back that it couldn't determine the IP address that localhost referred to | |
| 106 2012-03-05.txt:15:06:50: <ais523> because there isn't an /etc/hosts inside weboflies, and it has no other sort of DNS | |
| 107 2012-03-05.txt:15:34:51: <ais523> other anyway: I'm annoyed that X seems to segfault inside weboflies but not outside (both Xorg and Xvfb, which appear to be doing the same thing when they segfault) | |
| 108 2012-03-05.txt:15:35:13: <ais523> then all I'll have to do is get core dumps working inside weboflies… | |
| 109 2012-03-05.txt:16:22:25: <ais523> I can't even figure out why weboflies would make a program segfault | |
| 110 2012-03-05.txt:16:25:21: <Phantom_Hoover> weboflies? | |
| 111 2012-03-05.txt:16:26:18: <ais523> yes, weboflies | |
| 112 2012-03-05.txt:16:26:54: <elliott> Phantom_Hoover: you know weboflies | |
| 113 2012-03-05.txt:16:27:01: <elliott> <ais523> I can't even figure out why weboflies would make a program segfault | |
| 114 2012-03-05.txt:16:27:16: <elliott> ais523: ooh, you should post your weboflies problems on SO, the reactions would be priceless | |
| 115 2012-03-05.txt:16:27:20: <ais523> elliott: you /do/ know what happens if you put gdb and weboflies together, right? | |
| 116 2012-03-05.txt:16:31:19: <ais523> and if weboflies doesn't have a syscall implemented, it forwards it to the actual kernel | |
| 117 2012-03-05.txt:16:37:22: <fizzie> ais523: Anyway, can you get core dumps out of weboflies'd processes? It sounds not impossible for those to be gdb'able, depending on how things go. | |
| 118 2012-03-05.txt:16:43:54: <fizzie> ais523: What was the basic weboflies mechanism, anyway? ptrace with PTRACE_SYSCALL? | |
| 119 2012-03-05.txt:16:44:39: <ais523> btw, weboflies works inside strace (but not strace -f, nor does strace work inside weboflies) | |
| 120 2012-03-05.txt:16:44:46: <ais523> I wonder if /ltrace/ works inside weboflies? | |
| 121 2012-04-04.txt:02:50:00: <elliott> shachaf: That's what weboflies does. | |
| 122 2012-04-04.txt:03:24:39: <elliott> OK, lemme figure out where weboflies.c is. |