From 0e433c11a21e58cc8ce28cef97bf96aad3523d4d Mon Sep 17 00:00:00 2001 From: mothcompute Date: Tue, 28 Nov 2023 11:34:13 -0800 Subject: [PATCH] libc cleanup --- main.c | 54 +++++++++++++++++++++++++---------------------- th.s | 66 ---------------------------------------------------------- 2 files changed, 29 insertions(+), 91 deletions(-) diff --git a/main.c b/main.c index f60a3c3..26bf63e 100644 --- a/main.c +++ b/main.c @@ -11,10 +11,8 @@ #define SYSCT_FBSD 588 -extern void trap(gregset_t); extern void cat(int fd, long sz); -extern uint32_t trapsz; -extern uint8_t sel; +uint8_t sel = SYSCALL_DISPATCH_FILTER_ALLOW; uint16_t scmap[SYSCT_FBSD] = { -1, // SYS_syscall needs args shifted @@ -30,11 +28,31 @@ uint16_t scmap[SYSCT_FBSD] = { SYS_unlink, -1, // [obsolete] execv SYS_chdir, - SYS_fchdir + SYS_fchdir, + -1, // [freebsd11] mknod + SYS_chmod, + SYS_chown, + -1, // break (no manual) + -1, // [freebsd4] getfsstat + -1, // [old] lseek + SYS_getpid, }; -void ftrp(int n, siginfo_t* s, ucontext_t* c) { +// TODO also create trampoline for freebsd native signals +void systrap(int n, siginfo_t* s, ucontext_t* c) { sel = SYSCALL_DISPATCH_FILTER_ALLOW; + if(s->si_code != /* SYS_USER_DISPATCH - value from */ 2) { + // TODO chain old syscall handler + } else if(s->si_syscall > SYSCT_FBSD-1) { + // TODO fail - check how freebsd does this, esp. with nosys entries + } else if(scmap[s->si_syscall] == -1) { + switch(s->si_syscall) { + default: + abort(); + break; + } + } + // TODO find max arg ct. and check stack if needed c->uc_mcontext.gregs[13] = syscall( scmap[s->si_syscall], c->uc_mcontext.gregs[8], @@ -42,9 +60,7 @@ void ftrp(int n, siginfo_t* s, ucontext_t* c) { c->uc_mcontext.gregs[12] ); //for(int i = 0; i < 23; i++) printf("%i: %lX\n", i, c->uc_mcontext.gregs[i]); - //printf("%u\n", s->si_arch); sel = SYSCALL_DISPATCH_FILTER_BLOCK; - //trap(c->uc_mcontext.gregs); } typedef struct { 
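Review bot: The new definition `uint8_t sel = SYSCALL_DISPATCH_FILTER_ALLOW;` has no comment, yet it is the one byte the kernel consults on every trapped syscall (its address is handed to prctl(PR_SET_SYSCALL_USER_DISPATCH, ...) later in this patch) and systrap() flips it on entry and exit, so a reader of this line cannot tell why it is a global or who writes it. I would document it as `// Syscall-user-dispatch selector: the kernel reads this byte on each syscall made outside the libc region registered in main(); systrap() sets ALLOW while forwarding and BLOCK on return.` Since the selector is shared process-wide, a note that any future thread would need its own prctl registration is also worth adding; SUD is enabled per task, as far as I know, so please confirm before relying on the single global.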
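Review bot: The three new guards in systrap() are all empty or dead, so every path still reaches `syscall(scmap[s->si_syscall], ...)`: the `si_code != 2` and `si_syscall > SYSCT_FBSD-1` branches contain only TODO comments and fall through to the index, `si_syscall` is a signed int taken from the emulated code's rax so a negative value passes the upper-bound test and reads before `scmap`, and `scmap[s->si_syscall] == -1` can never be true because a `uint16_t` element promotes to 65535 before being compared with -1. The effect is an out-of-bounds read of `scmap` on any non-SUD SIGSYS or out-of-range number, followed by forwarding an attacker-chosen syscall number to the kernel; unmapped numbers forward 65535 instead of aborting. Until the chaining TODO is implemented the handler should bail out rather than index, and the range check should be unsigned. The forwarded result also deserves a note: `syscall()` returns -1 and sets errno, so storing the raw value in gregs[13] drops the error code; whether cat() expects FreeBSD's error convention is not visible here. The hunk also drops the `trap` declaration while systrap's body runs into the next hunk.
```c
void systrap(int n, siginfo_t* s, ucontext_t* c) {
    sel = SYSCALL_DISPATCH_FILTER_ALLOW;
    if(s->si_code != /* SYS_USER_DISPATCH */ 2) {
        // TODO chain old syscall handler; until then si_syscall is untrusted, so do not index with it
        abort();
    }
    // si_syscall is a signed int under the caller's control: the unsigned compare rejects negatives too
    if((unsigned)s->si_syscall >= SYSCT_FBSD || scmap[s->si_syscall] == (uint16_t)-1) {
        abort();
    }
    // … unchanged: forward via syscall(scmap[s->si_syscall], gregs[8..12]) and restore BLOCK …
```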
@@ -134,12 +150,12 @@ int main(int argc, char** argv) { struct sigaction a, oa; sigemptyset(&a.sa_mask); a.sa_flags = SA_SIGINFO; - a.sa_sigaction = ftrp; - sigaction(SIGSYS, &a, &oa); - sel = SYSCALL_DISPATCH_FILTER_ALLOW; + a.sa_sigaction = (void(*)(int, siginfo_t*, void*))systrap; int nm; char** smaps = getmaps(&nm); + + // TODO RW to only call stomap if strstr libc - saves memory and cycles map maps[nm-1]; for(int i = 0; i < nm-1; i++) { stomap(smaps[i], maps + i); @@ -160,29 +176,17 @@ int main(int argc, char** argv) { ".X"[(maps[i].rwx >> 0) & 1] ); */ - if( ( - strstr(maps[i].name, "libc") - //||strstr(maps[i].name, "ld-linux") || - //strstr(maps[i].name, "fl") || - //!strcmp(maps[i].name, "[vdso]") || - //!strcmp(maps[i].name, "[vsyscall]") - ) && (maps[i].rwx & 1) - ) { - prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, maps[i].start, maps[i].len, &sel); - // printf("enable sud bypass\n"); - } - //printf("\n"); + if(strstr(maps[i].name, "libc") && (maps[i].rwx & 1)) prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, maps[i].start, maps[i].len, &sel); } for(int i = 0; i < nm; i++) free(smaps[i]); free(smaps); + // END RW if(argc < 2) return printf("no file provided\n"); int fd = open(argv[1], O_RDONLY); struct stat s; fstat(fd, &s); - //printf("start cat() with freebsd syscalls\n"); - //prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, trap, trapsz, &sel); - //write(1, "fghgfgfg\n", 9); + sigaction(SIGSYS, &a, &oa); sel = SYSCALL_DISPATCH_FILTER_BLOCK; cat(fd, s.st_size); } diff --git a/th.s b/th.s index 3499db3..5d1e883 100644 --- a/th.s +++ b/th.s 
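Review bot: The new line `a.sa_sigaction = (void(*)(int, siginfo_t*, void*))systrap;` calls systrap through a pointer of an incompatible type, which is undefined behaviour in C11 (6.3.2.3p8) even though it works on this ABI; the conventional fix is to declare the handler as `void systrap(int n, siginfo_t* s, void* ctx)` and cast to `ucontext_t*` inside it, which removes the cast here entirely. That change belongs in the systrap definition earlier in the patch, not in this hunk. The surrounding `struct sigaction a, oa;` is context, but note that `a` is never zero-initialized, so fields other than the three set here hold stack garbage; `struct sigaction a = {0}, oa;` would be the cheap fix. main() continues past the end of this hunk.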
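Review bot: The collapsed prctl(PR_SET_SYSCALL_USER_DISPATCH, ...) call still ignores its return value, so on a kernel without SUD (or with a rejected region) the program goes on to set `sel = SYSCALL_DISPATCH_FILTER_BLOCK` and run cat() with FreeBSD syscall numbers executed natively on Linux with no trap in place; the later `sigaction(SIGSYS, &a, &oa)` is unchecked as well. I would fail closed: `if(prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON, maps[i].start, maps[i].len, &sel) == -1) { perror("prctl"); return 1; }` and the same treatment for sigaction. Two smaller issues with the match: `strstr(maps[i].name, "libc")` is a substring test that also matches names such as libcap or libcrypto, and each matching executable mapping re-issues the prctl, so only the last match's region is in effect while earlier matches are left trapped; matching the exact soname and stopping after the first hit would make the registered region deterministic. The `getmaps`/`stomap` helpers that produce `maps[i]` are outside this hunk, so I cannot confirm what `name` holds.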
@@ -1,79 +1,13 @@ bits 64 default rel -global trap -global trapsz global cat -global sel - -extern scmap section .data -sel: db 1 -trapsz: dd cat-trap; buf: db 0 section .text -trap: - ;mov rax, 60 - ;syscall - push r8 - push r9 - push r10 - push r11 - push r12 - push r13 - push r14 - push r15 - push rsi - push rbp - push rbx - push rdx - push rcx - - mov r8, [rdi] - mov r9, [rdi+8] - mov r10, [rdi+16] - mov r11, [rdi+24] - mov r12, [rdi+32] - mov r13, [rdi+40] - mov r14, [rdi+48] - mov r15, [rdi+56] - mov rsi, [rdi+72] - mov rbp, [rdi+80] - mov rbx, [rdi+88] - mov rdx, [rdi+96] - mov rax, [rdi+104] - mov rcx, [rdi+112] - - mov rdi, [rdi+64] - syscall - - pop rcx - pop rdx - pop rbx - pop rbp - pop rsi - pop r15 - pop r14 - pop r13 - pop r12 - pop r11 - pop r10 - pop r9 - pop r8 - ret - - - - push rbx - ;mov ax, word [rel scmap + 2*eax] - lea rbx, [scmap] - lea rax, [rbx + 2*rax] - movzx eax, ax - pop rbx - ret cat: push r12 push rbx