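def callbefore(self, pid, call, args):
    """Rewrite the path arguments of a syscall before the kernel sees them.

    For each entry of self.callaccess[call] (a tuple when the call has path
    arguments) the string at args[i] is read from the tracee `pid`, passed
    through self.mappath(), resolved with tricklib.canonical_path() and
    copied into scratch memory; the tracee then performs the call on the
    scratch copy instead of its own buffer.

    Returns a 4-tuple in the convention of the other tricks:
      tofree  -- scratch handles to release later (-1 where nothing was allocated)
      result  -- a negative errno when the call is refused outright, else None
      3rd     -- always None here
      cargs   -- the rewritten argument list, or None when nothing was rewritten
    """
    sign = self.callaccess[call]
    tofree = [-1] * 6
    if not isinstance(sign, types.TupleType):
        # No path arguments for this call: nothing to rewrite.
        return (tofree, None, None, None)
    mem = Memory.getMemory(pid)
    getarg = mem.get_string
    cargs = args[:]
    for i in range(len(sign)):
        # A one-character entry means the final symlink is followed; otherwise
        # the second character must be 'l' and the final link is left alone.
        followlink = len(sign[i]) < 2
        assert followlink or sign[i][1] == 'l'
        p = getarg(args[i])
        p = self.mappath(p)
        # This is still not quite good -- user could pass /home////johanka and bypass this
        p = tricklib.canonical_path(pid, p, followlink)  # Resolve to FQN
        if not isinstance(p, types.StringType):
            # canonical_path did not yield a path; presumably p is a positive
            # errno, so the call is refused with -p.
            # FIXME: We need to kill it in order to prevent bad races. But killing it means problems for creat!
            return (tofree, -p, None, None)
        p = self.mappath(p)
        tofree[i], cargs[i] = scratch.alloc_str(p)
    if call == 'symlink':
        # Don't mess with creation of relative symlinks: a relative target is
        # interpreted relative to the link, so the tracee's original pointer is
        # handed back.  startswith() also copes with an empty target string,
        # which the former [0] index turned into an IndexError in the tracer.
        # NOTE(review): this re-reads args[0] from tracee memory; a second
        # thread in the tracee could change it between the two reads.
        if not mem.get_string(args[0]).startswith('/'):
            cargs[0] = args[0]
    if call == 'open':
        # FIXME:
        # if we allow user to do ln -s a b without permissions for a, and
        # user tries to access /tmp/b/local/bin...
        # cargs[1] = cargs[1] | os.O_NOFOLLOW
        # 0400000 is the i386 O_NOFOLLOW value; not supported by python, yet.
        cargs[1] = cargs[1] | 0400000
    if call == 'creat':
        print "Creat disabled, should be modified to open"
        return (tofree, -errno.EFAULT, None, None)  # Creat should be rewritten to open()
    return (tofree, None, None, cargs)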
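def callbefore(self, pid, call, args):
    """Rewrite the path arguments of a syscall before the kernel sees them.

    For each entry of self.callaccess[call] (a tuple when the call has path
    arguments) the string at args[i] is read from the tracee `pid`, passed
    through self.mappath(), resolved with tricklib.canonical_path() and
    copied into scratch memory; the tracee then performs the call on the
    scratch copy instead of its own buffer.

    Returns a 4-tuple in the convention of the other tricks:
      tofree  -- scratch handles to release later (-1 where nothing was allocated)
      result  -- a negative errno when the call is refused outright, else None
      3rd     -- always None here
      cargs   -- the rewritten argument list, or None when nothing was rewritten
    """
    sign = self.callaccess[call]
    tofree = [-1] * 6
    if not isinstance(sign, types.TupleType):
        # No path arguments for this call: nothing to rewrite.
        return (tofree, None, None, None)
    mem = Memory.getMemory(pid)
    getarg = mem.get_string
    cargs = args[:]
    for i in range(len(sign)):
        # A one-character entry means the final symlink is followed; otherwise
        # the second character must be 'l' and the final link is left alone.
        followlink = len(sign[i]) < 2
        assert followlink or sign[i][1] == 'l'
        p = getarg(args[i])
        p = self.mappath(p)
        # This is still not quite good -- user could pass /home////johanka and bypass this
        p = tricklib.canonical_path(pid, p, followlink)  # Resolve to FQN
        if not isinstance(p, types.StringType):
            # canonical_path did not yield a path; presumably p is a positive
            # errno, so the call is refused with -p.
            # FIXME: We need to kill it in order to prevent bad races. But killing it means problems for creat!
            return (tofree, -p, None, None)
        p = self.mappath(p)
        tofree[i], cargs[i] = scratch.alloc_str(p)
    if call == 'symlink':
        # Don't mess with creation of relative symlinks: a relative target is
        # interpreted relative to the link, so the tracee's original pointer is
        # handed back.  startswith() also copes with an empty target string,
        # which the former [0] index turned into an IndexError in the tracer.
        # NOTE(review): this re-reads args[0] from tracee memory; a second
        # thread in the tracee could change it between the two reads.
        if not mem.get_string(args[0]).startswith('/'):
            cargs[0] = args[0]
    if call == 'open':
        # FIXME:
        # if we allow user to do ln -s a b without permissions for a, and
        # user tries to access /tmp/b/local/bin...
        # cargs[1] = cargs[1] | os.O_NOFOLLOW
        # 0400000 is the i386 O_NOFOLLOW value; not supported by python, yet.
        cargs[1] = cargs[1] | 0400000
    if call == 'creat':
        print "Creat disabled, should be modified to open"
        return (tofree, -errno.EFAULT, None, None)  # Creat should be rewritten to open()
    return (tofree, None, None, cargs)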
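def callafter(self, pid, call, result, state):
    """Force an extra write of `disclaimer` in the tracee after the call.

    The disclaimer text is copied into scratch memory, syscall 4 (write on
    i386) is forced in `pid` with that buffer, and the scratch allocation is
    released again.  The release now sits in a finally: clause so the handle
    is not leaked when force_syscall raises.  `call` and `result` are not
    used; `disclaimer` is a module-level name defined elsewhere in this file.
    The original docstring: don't let program see that we wrote extra bytes.
    """
    handle, addr = scratch.alloc_str(disclaimer)
    try:
        # FIXME: I really should not hardcode call numbers like this
        p_linux_i386.force_syscall(pid, 4, state, addr, len(disclaimer))
    finally:
        scratch.free(handle)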