krf
A kernelspace syscall interceptor and randomized faulter
We should support faulting these syscalls. - [x] `vhangup` - [x] `sysctl` - [x] `prctl` - [ ] `arch_prctl` - [x] `adjtime` - [x] `adjtimex` - [x] `pivot_root` - [...
One problem with faulting programs under KRF is that KRF might decide to inject a fault during the dynamic link/load phase, aborting `ld-linux.so` instead of the actual target image. This...
KRF currently makes x86-specific assumptions, and *may* make x86_64-specific assumptions. We should try to eliminate the latter (if they exist) so that it can be built with support for...
Right now we provide auto-generated profiles for different kinds of syscalls (e.g. `fs`, `io`, `ipc`) as well as an `all` profile that contains every faultable syscall. In addition to these,...
Running a parallel build (e.g. `gmake -j2`) does not succeed on FreeBSD. When `src/module/freebsd/Makefile` calls the `Makefile.module` with BSDMake, the following error occurs and the build is cancelled: `make[1]: illegal...
A kernel oops is often caused on module unload. This is because a process can start a faulted blocking syscall, such as `wait4` or `select`, then have the syscall table...
The build doesn't currently track header files as dependencies for targets, meaning that it's possible to produce a broken build by changing a constant/macro in a header file. We should...
`KRF_SAFE_WRITE` is currently a no-op on FreeBSD: https://github.com/trailofbits/krf/blob/82990c258c2e0b555f358b76b21f8781b1f42a54/src/module/freebsd/freebsd.h#L5 We should check whether FreeBSD provides `cr0` manipulation functions/macros. If it doesn't, then we should add our own like the ones [used...
Right now, the codegen specs (e.g. `read.yml`) include hardcoded `proto` and `parm` fields that correspond to the prototype and parameter list for each syscall. This is confusing, hard to read,...
Right now, KRF can only target a process based on its `personality(2)` mask. This works really well, but we should support other techniques. Candidate techniques (not exhaustive): * PID (or...