changeset 169:cc236fe22acf

<elliott> pastelogs weboflies
author HackBot
date Wed, 04 Apr 2012 03:25:39 +0000
parents 2963a3f65111
children 6fefb9cff616
files paste/paste.16022
diffstat 1 files changed, 122 insertions(+), 0 deletions(-)
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/paste/paste.16022	Wed Apr 04 03:25:39 2012 +0000
@@ -0,0 +1,122 @@
+2011-11-03.txt:19:57:23: <ais523\unfoog> Vorpal: weboflies
+2011-11-03.txt:20:05:45: <Vorpal> ais523\unfoog, how much of a FPS drop do you get from weboflies typically with opengl stuff?
+2011-11-03.txt:20:06:16: <ais523\unfoog> the joyous thing is, that weboflies only has a performance penalty on syscalls
+2011-11-03.txt:20:25:25: <ais523\unfoog> gcc -o weboflies -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng
+2011-11-03.txt:20:26:40: <ais523\unfoog> weboflies has a command line
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1910:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1913:70: error: ‘struct user_regs_struct’ has no member named ‘ebx’
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1928:21: error: ‘struct user_regs_struct’ has no member named ‘ecx’
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1931:22: error: ‘struct user_regs_struct’ has no member named ‘esi’
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1932:44: error: ‘struct user_regs_struct’ has no member named ‘esi’
+2011-11-03.txt:20:28:56: <elliott> weboflies.c:1934:22: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
+2011-11-03.txt:20:28:58: <elliott> weboflies.c:1940:22: error: ‘struct user_regs_struct’ has no member named ‘esi’
+2011-11-03.txt:20:29:00: <elliott> weboflies.c:1944:70: error: ‘struct user_regs_struct’ has no member named ‘esi’
+2011-11-03.txt:20:29:02: <elliott> weboflies.c:1950:20: error: ‘struct user_regs_struct’ has no member named ‘esi’
+2011-11-03.txt:20:29:04: <elliott> weboflies.c:1978:16: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
+2011-11-03.txt:20:29:06: <elliott> weboflies.c:2002:20: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
+2011-11-03.txt:20:32:40: <ais523\unfoog> this is how weboflies has genuinely caused filesystem leaks in the past
+2011-11-03.txt:20:33:48: <ais523\unfoog> but weboflies' processes are often quite hard to get rid of
+2011-11-03.txt:20:56:55: <ais523\unfoog> the weboflies core, which I'm writing at the moment, would need to be connected to some sort of interface to actually read it
+2011-11-03.txt:22:03:49: <elliott> [elliott@dinky weboflies]$ find .
+2011-11-03.txt:22:03:49: <elliott> ./weboflies.c
+2011-11-03.txt:22:04:09: <Vorpal> ./weboflies.c
+2011-11-03.txt:22:04:10: <Vorpal> ./weboflies
+2011-11-03.txt:22:30:15: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh
+2011-11-03.txt:22:30:39: <elliott> [elliott@dinky ~]$ ldd ~/Code/weboflies/build.sh
+2011-11-03.txt:22:30:39: <elliott> ldd: warning: you do not have execution permission for `/home/elliott/Code/weboflies/build.sh'
+2011-11-04.txt:03:55:25: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls
+2011-11-04.txt:03:55:25: <elliott> = WARNING: mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0): No such file or directory
+2011-11-04.txt:03:57:54: <elliott>   ewarn(mount("/home/ais523/weboflies/nethack/nethack", "/tmp/var/games/nethack", 0, MS_BIND, 0));
+2011-11-04.txt:03:59:10: <elliott> [elliott@dinky weboflies]$ sudo ./weboflies ls
+2011-11-04.txt:09:48:01: <elliott> note: it was "sudo ./weboflies true"; true is 64-bit, but I tried it on Web of Lies itself and it still failed, so I suspect it's a generic problem
+2011-11-04.txt:09:48:13: <elliott> weboflies isn't suid :)
+2011-11-04.txt:09:57:39: <elliott> ais523: I could run weboflies under gd... what am I saying, of course I can't
+2011-11-04.txt:09:58:18: <elliott> [elliott@dinky weboflies]$ sudo gdb ./weboflies
+2011-11-04.txt:10:02:29: <elliott_> i killed the gdb'd weboflies
+2011-11-04.txt:10:03:25: <ais523> this is weboflies!
+2011-11-04.txt:10:03:51: <ais523> (note that a kill -9 on weboflies itself is nearly always a bad idea)
+2011-11-04.txt:10:05:30: <elliott_> [elliott@dinky weboflies]$ sudo ./weboflies true
+2011-11-04.txt:10:05:34: <elliott_>   781 pts/0    00:00:00 weboflies
+2011-11-04.txt:10:05:34: <elliott_>   782 pts/1    00:00:00 weboflies
+2011-11-04.txt:10:05:35: <elliott_>   783 pts/1    00:00:00 weboflies
+2011-11-04.txt:10:05:46: <elliott_> [elliott@dinky weboflies]$ ls -l /proc | grep 783
+2011-11-04.txt:10:06:04: <elliott_> [elliott@dinky weboflies]$ ls -l /proc/783/fd
+2011-11-04.txt:10:06:09: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/783/fd
+2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/781{,/fd}
+2011-11-04.txt:10:07:35: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/782{,/fd}
+2011-11-04.txt:10:08:19: <elliott_> [elliott@dinky weboflies]$ ls /proc/self/fd
+2011-11-04.txt:10:08:27: <elliott_> [elliott@dinky weboflies]$ ls -ld /proc/self{,/fd}
+2011-11-04.txt:10:08:50: <elliott_> [elliott@dinky weboflies]$ ls -ldH /proc/self{,/fd}
+2011-11-04.txt:10:12:55: <elliott_> I was thinking weboflies could chown its /proc/blah/fd before dropping perms :)
+2011-11-04.txt:10:17:06: <elliott_> [elliott@dinky weboflies]$ /bin/true --help
+2011-11-04.txt:10:18:58: <elliott_> ais523: any ideas wrt weboflies?
+2011-11-04.txt:19:34:17: <ais523> (that's for the syscall getdents; you're not supposed to use it directly, rather using a wrapper, but you can do a few things with it that you can't via the wrapper, such as listing amazingly large directories, and ofc weboflies is at the receiving end of syscalls so it has to understand getdents, not the libc equivalents)
+2011-11-04.txt:19:38:11: <elliott_> gcc -o weboflies -m32 -O2 -g --std=gnu99 -Wall -Wextra -Wno-missing-field-initializers -Wno-missing-braces weboflies.c ktt.c -lrt -lpng
+2011-11-04.txt:19:48:37: <ais523> I think it's only just new enough to run weboflies, which requires something along the lines of 2.6.30
+2011-11-04.txt:19:54:41: <ais523> actually, I think weboflies does connect to a pty
+2011-11-05.txt:18:18:37: <ais523> basically, there are three processes: weboflies, fakeinit, process under test
+2011-11-05.txt:18:18:50: <ais523> weboflies forks fakeinit as root; fakeinit forks the process after dropping perms, so as nonroot
+2011-11-05.txt:18:19:36: <ais523> and weboflies then can't read the process under test's perms on any computers but mine
+2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7583{,/fd}
+2011-11-05.txt:18:48:32: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7584{,/fd}
+2011-11-05.txt:18:50:35: <ais523> CLONE_PTRACE basically means "debugged-ness propagates over the clone"; weboflies injects it into other process's clone calls
+2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7739{,/fd}
+2011-11-05.txt:18:54:29: <elliott> [elliott@dinky weboflies]$ ls -lhd /proc/7740{,/fd}
+2011-11-05.txt:18:54:54: <ais523> elliott: OK, so now we have to figure out what weboflies is doing differently
+2011-11-05.txt:18:57:00: <elliott> ais523: am i meant to be reading weboflies.c here, or are you? :-)
+2011-11-05.txt:18:58:37: <Phantom_Hoover> What does weboflies do?
+2011-11-05.txt:19:40:44: <elliott> ais523: any ideas about weboflies?
+2011-11-05.txt:19:46:35: <ais523> such a pity that weboflies repels debuggers
+2011-11-05.txt:20:00:17: <elliott> [elliott@dinky Temp]$ qemu-img create weboflies.qemu2 4G
+2011-11-05.txt:20:00:17: <elliott> Formatting 'weboflies.qemu2', fmt=raw size=4294967296
+2011-11-05.txt:20:00:17: <elliott> -rw-r--r-- 1 elliott users 4.0G Nov  5 19:59 weboflies.qemu2
+2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ qemu-img create -f qcow2 weboflies.qcow2 4G
+2011-11-05.txt:20:00:36: <elliott> Formatting 'weboflies.qcow2', fmt=qcow2 size=4294967296 encryption=off cluster_size=65536
+2011-11-05.txt:20:00:36: <elliott> [elliott@dinky Temp]$ ls -lh weboflies.qcow2
+2011-11-05.txt:20:00:36: <elliott> -rw-r--r-- 1 elliott users 193K Nov  5 19:59 weboflies.qcow2
+2011-11-05.txt:20:00:54: <ais523> for some weboflies test, I was using a sparse ext4
+2011-11-05.txt:21:42:05: <elliott> [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2 -cdrom ~/Downloads/archlinux-2011.08.19-netinstall-i686.iso -boot c
+2011-11-05.txt:22:59:04: <elliott> ais523: weboflies would work in Xen, right?
+2011-11-05.txt:23:02:20: <elliott> ais523: [elliott@dinky Temp]$ qemu -m 1024 -hda weboflies.qcow2man -net nic -net user,hostfwd=tcp::2222:22
+2011-11-05.txt:23:46:03: <ais523> elliott: well, weboflies works just /fine/ inside the VM
+2011-11-05.txt:23:49:02: <ais523> hmm, I just tried running weboflies on su, to see what would happen
+2011-11-05.txt:23:53:33: <ais523> and this is running 32-bit su, as weboflies only runs 32-bit programs
+2011-11-05.txt:23:54:21: <ais523> elliott: anyway, if you want to run weboflies, now you have a VM it works in ;)
+2011-11-05.txt:23:58:10: <elliott> ais523: I did (weboflies)
+2011-11-14.txt:22:29:52: <elliott> ais523: hmm, weboflies-related question: can you use a new filesystem namespace as a chroot?
+2011-11-14.txt:22:30:52: <ais523> but I've never dared call it from inside weboflies, because I'm not quite that crazy
+2011-12-15.txt:19:45:13: <elliott> ais523: but how will you calculate weboflies' eigenratio?
+2011-12-15.txt:19:49:47: <ais523> elliott: heh, I have to keep remembering to check EFAULT in weboflies
+2011-12-15.txt:19:55:04: <elliott> Vorpal: /proc/<pid>/fd failed to stop being owned by root on weboflies' complicated permissions drop
+2012-01-08.txt:14:52:28: <elliott> Yes, so does weboflies.
+2012-03-04.txt:19:22:45: <ais523> should be secure against non-malicious accidents; it just increases the attack surface somewhat for people trying to exploit suid weboflies, or whatever, and who'd be mad enough to suid it?
+2012-03-04.txt:19:26:42: <ais523> suiding weboflies?
+2012-03-04.txt:19:41:04: <ais523> that's exactly what I was doing with the fake framebuffer in weboflies anyway
+2012-03-04.txt:19:47:47: <elliott> anyway, I don't see why weboflies couldn't just pretend to the running program that it's root
+2012-03-04.txt:19:49:55: <ais523> $ sudo ./weboflies ls /dev/input
+2012-03-04.txt:19:51:02: <ais523> $ sudo ./weboflies Xvfb :1
+2012-03-04.txt:19:55:32: <ais523> elliott: that's what weboflies does do on unknown syscalls
+2012-03-04.txt:19:56:26: <elliott> <ais523> elliott: that's what weboflies does do on unknown syscalls
+2012-03-04.txt:20:06:44: <ais523> ais523@desert:~/weboflies$ ln -s Xvfb_screen0 /tmp/Xvfb_screen0.xwd
+2012-03-04.txt:20:06:45: <ais523> ais523@desert:~/weboflies$ convert /tmp/Xvfb_screen0.xwd /tmp/t.png
+2012-03-04.txt:20:06:47: <ais523> ais523@desert:~/weboflies$ eog /tmp/t.png
+2012-03-04.txt:20:06:57: <ais523> so Xvfb is definitely working outside weboflies
+2012-03-05.txt:15:05:03: <ais523> I was trying to figure out htf a process inside weboflies could detect X outside it, apparently that was how
+2012-03-05.txt:15:06:39: <ais523> do weboflies nc localhost 9999, and you get an error message back that it couldn't determine the IP address that localhost referred to
+2012-03-05.txt:15:06:50: <ais523> because there isn't an /etc/hosts inside weboflies, and it has no other sort of DNS
+2012-03-05.txt:15:34:51: <ais523> other anyway: I'm annoyed that X seems to segfault inside weboflies but not outside (both Xorg and Xvfb, which appear to be doing the same thing when they segfault)
+2012-03-05.txt:15:35:13: <ais523> then all I'll have to do is get core dumps working inside weboflies…
+2012-03-05.txt:16:22:25: <ais523> I can't even figure out why weboflies would make a program segfault
+2012-03-05.txt:16:25:21: <Phantom_Hoover> weboflies?
+2012-03-05.txt:16:26:18: <ais523> yes, weboflies
+2012-03-05.txt:16:26:54: <elliott> Phantom_Hoover: you know weboflies
+2012-03-05.txt:16:27:01: <elliott> <ais523> I can't even figure out why weboflies would make a program segfault
+2012-03-05.txt:16:27:16: <elliott> ais523: ooh, you should post your weboflies problems on SO, the reactions would be priceless
+2012-03-05.txt:16:27:20: <ais523> elliott: you /do/ know what happens if you put gdb and weboflies together, right?
+2012-03-05.txt:16:31:19: <ais523> and if weboflies doesn't have a syscall implemented, it forwards it to the actual kernel
+2012-03-05.txt:16:37:22: <fizzie> ais523: Anyway, can you get core dumps out of weboflies'd processes? It sounds not impossible for those to be gdb'able, depending on how things go.
+2012-03-05.txt:16:43:54: <fizzie> ais523: What was the basic weboflies mechanism, anyway? ptrace with PTRACE_SYSCALL? 
+2012-03-05.txt:16:44:39: <ais523> btw, weboflies works inside strace (but not strace -f, nor does strace work inside weboflies)
+2012-03-05.txt:16:44:46: <ais523> I wonder if /ltrace/ works inside weboflies?
+2012-04-04.txt:02:50:00: <elliott> shachaf: That's what weboflies does.
+2012-04-04.txt:03:24:39: <elliott> OK, lemme figure out where weboflies.c is.
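Review bot: the root-owned /proc/<pid>/fd seen in the "ls -ld /proc/783/fd" probes on 2011-11-04 and restated on 2011-12-15 ("/proc/<pid>/fd failed to stop being owned by root on weboflies' complicated permissions drop") is a consequence of the credential change itself, so the 10:12:55 idea of chowning the fd directory before dropping permissions will not hold: the kernel marks a process non-dumpable when it changes its uid/gid, recomputes the ownership of its /proc/<pid> entries from the task's current credentials and dumpable flag rather than storing it, and leaves a non-dumpable task's entries owned by root. The suggested change is for fakeinit (which per the 2011-11-05 description drops permissions and then forks the process under test) to call prctl(PR_SET_DUMPABLE, 1) after its setgid/setuid calls and before the fork, so the child inherits a dumpable state and its /proc entries become owned by the dropped-to user; this is a reviewer suggestion, not something the pasted log shows was tried. Separately, the "struct user_regs_struct has no member named ebx/ecx/esi/orig_eax" errors are the 32-bit register names failing against a 64-bit build of the headers, which the later "gcc -o weboflies -m32 ..." command line addresses and which matches the 2011-11-05 remark that weboflies only runs 32-bit programs.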