view paste/paste.16022 @ 198:dce34bbebc5c

<oerjan> revert 193
author HackBot
date Sun, 08 Apr 2012 09:03:26 +0000
parents cc236fe22acf
children

2011-11-03.txt:19:57:23: <ais523\unfoog> Vorpal: weboflies
2011-11-03.txt:20:05:45: <Vorpal> ais523\unfoog, how much of a FPS drop do you get from weboflies typically with opengl stuff?
2011-11-03.txt:20:06:16: <ais523\unfoog> the joyous thing is, that weboflies only has a performance penalty on syscalls
2011-11-03.txt:20:25:25: <ais523\unfoog> gcc -o weboflies -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng
2011-11-03.txt:20:26:40: <ais523\unfoog> weboflies has a command line
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1910:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1913:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1928:21: error: ‘struct user_regs_struct’ has no member named ‘ecx’
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1931:22: error: ‘struct user_regs_struct’ has no member named ‘esi’
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1932:44: error: ‘struct user_regs_struct’ has no member named ‘esi’
2011-11-03.txt:20:28:56: <elliott> weboflies.c:1934:22: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
2011-11-03.txt:20:28:58: <elliott> weboflies.c:1940:22: error: ‘struct user_regs_struct’ has no member named ‘esi’
2011-11-03.txt:20:29:00: <elliott> weboflies.c:1944:70: error: ‘struct user_regs_struct’ has no member named ‘esi’
2011-11-03.txt:20:29:02: <elliott> weboflies.c:1950:20: error: ‘struct user_regs_struct’ has no member named ‘esi’
2011-11-03.txt:20:29:04: <elliott> weboflies.c:1978:16: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
2011-11-03.txt:20:29:06: <elliott> weboflies.c:2002:20: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
2011-11-03.txt:20:32:40: <ais523\unfoog> this is how weboflies has genuinely caused filesystem leaks in the past
2011-11-03.txt:20:33:48: <ais523\unfoog> but weboflies' processes are often quite hard to get rid of
2011-11-03.txt:20:56:55: <ais523\unfoog> the weboflies core, which I'm writing at the moment, would need to be connected to some sort of interface to actually read it
2011-11-03.txt:22:03:49: <elliott> [elliott@dinky weboflies]$ find .
2011-11-03.txt:22:03:49: <elliott> ./weboflies.c
2011-11-03.txt:22:04:09: <Vorpal> ./weboflies.c
2011-11-03.txt:22:04:10: <Vorpal> ./weboflies
2011-11-03.txt:22:30:15: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh
2011-11-03.txt:22:30:39: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh
2011-11-03.txt:22:30:39: <elliott> ldd: warning: you do not have execution permission for `/home/elliott/Code/weboflies/build.sh'
2011-11-04.txt:03:55:25: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls
2011-11-04.txt:03:55:25: <elliott> = WARNING: mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0): No such file or directory
2011-11-04.txt:03:57:54: <elliott>   ewarn(mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0));
2011-11-04.txt:03:59:10: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls
2011-11-04.txt:09:48:01: <elliott> note: it was "sudo ./weboflies true"; true is 64-bit, but I tried it on Web of Lies itself and it still failed, so I suspect it's a generic problem
2011-11-04.txt:09:48:13: <elliott> weboflies isn't suid :)
2011-11-04.txt:09:57:39: <elliott> ais523: I could run weboflies under gd... what am I saying, of course I can't
2011-11-04.txt:09:58:18: <elliott> [elliott@dinky weboflies]$ sudo gdb ./weboflies
2011-11-04.txt:10:02:29: <elliott_> i killed the gdb'd weboflies
2011-11-04.txt:10:03:25: <ais523> this is weboflies!
2011-11-04.txt:10:03:51: <ais523> (note that a kill -9 on weboflies itself is nearly always a bad idea)
2011-11-04.txt:10:05:30: <elliott_> [elliott@dinky weboflies]$ sudo ./weboflies true
2011-11-04.txt:10:05:34: <elliott_>   781 pts/0    00:00:00 weboflies
2011-11-04.txt:10:05:34: <elliott_>   782 pts/1    00:00:00 weboflies
2011-11-04.txt:10:05:35: <elliott_>   783 pts/1    00:00:00 weboflies
2011-11-04.txt:10:05:46: <elliott_> [elliott@dinky weboflies]$ ls -l /proc | grep 783
2011-11-04.txt:10:06:04: <elliott_> [elliott@dinky weboflies]$ ls -l /proc/783/fd
2011-11-04.txt:10:06:09: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/783/fd
2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/781{,/fd}
2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/782{,/fd}
2011-11-04.txt:10:08:19: <elliott_> [elliott@dinky weboflies]$ ls /proc/self/fd
2011-11-04.txt:10:08:27: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/self{,/fd}
2011-11-04.txt:10:08:50: <elliott_> [elliott@dinky weboflies]$ ls -ldH /proc/self{,/fd}
2011-11-04.txt:10:12:55: <elliott_> I was thinking weboflies could chown its /proc/blah/fd before dropping perms :)
2011-11-04.txt:10:17:06: <elliott_> [elliott@dinky weboflies]$ /bin/true --help
2011-11-04.txt:10:18:58: <elliott_> ais523: any ideas wrt weboflies?
2011-11-04.txt:19:34:17: <ais523> (that's for the syscall getdents; you're not supposed to use it directly, rather using a wrapper, but you can do a few things with it that you can't via the wrapper, such as listing amazingly large directories, and ofc weboflies is at the receiving end of syscalls so it has to understand getdents, not the libc equivalents)
2011-11-04.txt:19:38:11: <elliott_> gcc -o weboflies -m32 -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng
2011-11-04.txt:19:48:37: <ais523> I think it's only just new enough to run weboflies, which requires something along the lines of 2.6.30
2011-11-04.txt:19:54:41: <ais523> actually, I think weboflies does connect to a pty
2011-11-05.txt:18:18:37: <ais523> basically, there are three processes: weboflies, fakeinit, process under test
2011-11-05.txt:18:18:50: <ais523> weboflies forks fakeinit as root; fakeinit forks the process after dropping perms, so as nonroot
2011-11-05.txt:18:19:36: <ais523> and weboflies then can't read the process under test's perms on any computers but mine
2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7583{,/fd}
2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7584{,/fd}
2011-11-05.txt:18:50:35: <ais523> CLONE_PTRACE basically means "debugged-ness propagates over the clone"; weboflies injects it into other process's clone calls
2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7739{,/fd}
2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7740{,/fd}
2011-11-05.txt:18:54:54: <ais523> elliott: OK, so now we have to figure out what weboflies is doing differently
2011-11-05.txt:18:57:00: <elliott> ais523: am i meant to be reading weboflies.c here, or are you? :-)
2011-11-05.txt:18:58:37: <Phantom_Hoover> What does weboflies do?
2011-11-05.txt:19:40:44: <elliott> ais523: any ideas about weboflies?
2011-11-05.txt:19:46:35: <ais523> such a pity that weboflies repels debuggers
2011-11-05.txt:20:00:17: <elliott> [elliott@dinky Temp]$ qemu-img create weboflies.qemu2 4G
2011-11-05.txt:20:00:17: <elliott> Formatting 'weboflies.qemu2', fmt=raw size=4294967296
2011-11-05.txt:20:00:17: <elliott> -rw-r--r-- 1 elliott users 4.0G Nov  5 19:59 weboflies.qemu2
2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ qemu-img create -f qcow2 weboflies.qcow2 4G
2011-11-05.txt:20:00:36: <elliott> Formatting 'weboflies.qcow2', fmt=qcow2 size=4294967296 encryption=off cluster_size=65536
2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ ls -lh weboflies.qcow2
2011-11-05.txt:20:00:36: <elliott> -rw-r--r-- 1 elliott users 193K Nov  5 19:59 weboflies.qcow2
2011-11-05.txt:20:00:54: <ais523> for some weboflies test, I was using a sparse ext4
2011-11-05.txt:21:42:05: <elliott> [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2 -cdrom ~/Downloads/archlinux-2011.08.19-netinstall-i686.iso -boot c
2011-11-05.txt:22:59:04: <elliott> ais523: weboflies would work in Xen, right?
2011-11-05.txt:23:02:20: <elliott> ais523: [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2man -net nic -net user,hostfwd=tcp::2222:22
2011-11-05.txt:23:46:03: <ais523> elliott: well, weboflies works just /fine/ inside the VM
2011-11-05.txt:23:49:02: <ais523> hmm, I just tried running weboflies on su, to see what would happen
2011-11-05.txt:23:53:33: <ais523> and this is running 32-bit su, as weboflies only runs 32-bit programs
2011-11-05.txt:23:54:21: <ais523> elliott: anyway, if you want to run weboflies, now you have a VM it works in ;)
2011-11-05.txt:23:58:10: <elliott> ais523: I did (weboflies)
2011-11-14.txt:22:29:52: <elliott> ais523: hmm, weboflies-related question: can you use a new filesystem namespace as a chroot?
2011-11-14.txt:22:30:52: <ais523> but I've never dared call it from inside weboflies, because I'm not quite that crazy
2011-12-15.txt:19:45:13: <elliott> ais523: but how will you calculate weboflies' eigenratio?
2011-12-15.txt:19:49:47: <ais523> elliott: heh, I have to keep remembering to check EFAULT in weboflies
2011-12-15.txt:19:55:04: <elliott> Vorpal: /proc/<pid>/fd failed to stop being owned by root on weboflies' complicated permissions drop
2012-01-08.txt:14:52:28: <elliott> Yes, so does weboflies.
2012-03-04.txt:19:22:45: <ais523> should be secure against non-malicious accidents; it just increases the attack surface somewhat for people trying to exploit suid weboflies, or whatever, and who'd be mad enough to suid it?
2012-03-04.txt:19:26:42: <ais523> suiding weboflies?
2012-03-04.txt:19:41:04: <ais523> that's exactly what I was doing with the fake framebuffer in weboflies anyway
2012-03-04.txt:19:47:47: <elliott> anyway, I don't see why weboflies couldn't just pretend to the running program that it's root
2012-03-04.txt:19:49:55: <ais523> $ sudo ./weboflies ls /dev/input
2012-03-04.txt:19:51:02: <ais523> $ sudo ./weboflies Xvfb :1
2012-03-04.txt:19:55:32: <ais523> elliott: that's what weboflies does do on unknown syscalls
2012-03-04.txt:19:56:26: <elliott> <ais523> elliott: that's what weboflies does do on unknown syscalls
2012-03-04.txt:20:06:44: <ais523> ais523@desert:~/weboflies$ ln -s Xvfb_screen0 /tmp/Xvfb_screen0.xwd
2012-03-04.txt:20:06:45: <ais523> ais523@desert:~/weboflies$ convert /tmp/Xvfb_screen0.xwd /tmp/t.png
2012-03-04.txt:20:06:47: <ais523> ais523@desert:~/weboflies$ eog /tmp/t.png
2012-03-04.txt:20:06:57: <ais523> so Xvfb is definitely working outside weboflies
2012-03-05.txt:15:05:03: <ais523> I was trying to figure out htf a process inside weboflies could detect X outside it, apparently that was how
2012-03-05.txt:15:06:39: <ais523> do weboflies nc localhost 9999, and you get an error message back that it couldn't determine the IP address that localhost referred to
2012-03-05.txt:15:06:50: <ais523> because there isn't an /etc/hosts inside weboflies, and it has no other sort of DNS
2012-03-05.txt:15:34:51: <ais523> other anyway: I'm annoyed that X seems to segfault inside weboflies but not outside (both Xorg and Xvfb, which appear to be doing the same thing when they segfault)
2012-03-05.txt:15:35:13: <ais523> then all I'll have to do is get core dumps working inside weboflies…
2012-03-05.txt:16:22:25: <ais523> I can't even figure out why weboflies would make a program segfault
2012-03-05.txt:16:25:21: <Phantom_Hoover> weboflies?
2012-03-05.txt:16:26:18: <ais523> yes, weboflies
2012-03-05.txt:16:26:54: <elliott> Phantom_Hoover: you know weboflies
2012-03-05.txt:16:27:01: <elliott> <ais523> I can't even figure out why weboflies would make a program segfault
2012-03-05.txt:16:27:16: <elliott> ais523: ooh, you should post your weboflies problems on SO, the reactions would be priceless
2012-03-05.txt:16:27:20: <ais523> elliott: you /do/ know what happens if you put gdb and weboflies together, right?
2012-03-05.txt:16:31:19: <ais523> and if weboflies doesn't have a syscall implemented, it forwards it to the actual kernel
2012-03-05.txt:16:37:22: <fizzie> ais523: Anyway, can you get core dumps out of weboflies'd processes? It sounds not impossible for those to be gdb'able, depending on how things go.
2012-03-05.txt:16:43:54: <fizzie> ais523: What was the basic weboflies mechanism, anyway? ptrace with PTRACE_SYSCALL? 
2012-03-05.txt:16:44:39: <ais523> btw, weboflies works inside strace (but not strace -f, nor does strace work inside weboflies)
2012-03-05.txt:16:44:46: <ais523> I wonder if /ltrace/ works inside weboflies?
2012-04-04.txt:02:50:00: <elliott> shachaf: That's what weboflies does.
2012-04-04.txt:03:24:39: <elliott> OK, lemme figure out where weboflies.c is.