def check(self, event1, event2):
"""Check if the event pair causes toctou racing"""
s1 = syscalls.event_to_syscall(event1)
s2 = syscalls.event_to_syscall(event2)
if not (s1 and s1):
return False
for callback in self.callbacks:
ret = callback(s1, s2)
if ret is not None:
return ret
return False
def generate(self, event1, event2):
"""Generate string to run in the attacker"""
s1 = syscalls.event_to_syscall(event1)
s2 = syscalls.event_to_syscall(event2)
if not (s1 and s1):
return False
attack_strings = list()
for attacker in self.attackers:
string = attacker.generate(s1, s2)
if string != "":
attack_strings.append(string)
return '\n'.join(attack_strings)
def need_bookmark(self, event, before=False, after=False):
if before:
syscall = syscalls.event_to_syscall(event)
path = syscalls.get_resource_path(syscall)
if path is not None:
event.path = path
return True
return False
def after_replay(self, graph, event):
if event.is_a(scribe.EventSyscallExtra):
if hasattr(event, 'cwd'):
event.proc.cwd = event.cwd
else:
event.cwd = event.proc.cwd
if hasattr(event, 'root'):
event.proc.root = event.root
else:
event.root = event.proc.root
syscall = syscalls.event_to_syscall(event)
path = syscalls.get_resource_path(syscall)
if path is not None:
event.path = os.path.join(event.cwd, path)
def skip_parent_dir_race(resource, node1, node2):
if resource.type not in [scribe.SCRIBE_RES_TYPE_INODE,
scribe.SCRIBE_RES_TYPE_FILES_STRUCT]:
return False
for node in [node1, node2]:
if not node:
return False
if not hasattr(node, 'path'):
syscall = syscalls.event_to_syscall(node)
node.path = syscalls.get_resource_path(syscall)
if not node.path or not os.path.isabs(node.path):
return False
if node1 and node2 and \
os.path.commonprefix([node1.path, node2.path]) not in \
[node1.path, node2.path]:
return True
