diff --git a/.gitattributes b/.gitattributes
index 58d5269c4928d0a22f724e7a41c1e9bfcae5b5af..553a83969836988a2c4e46cdb90931b941d1f30c 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -6903,6 +6903,8 @@ tools/signatures/sqlite.sigs -text
 tools/test_controller.sh -text
 tools/update_env_var.sh -text
 tools/validate.sh -text
+tools/zanalyze.sh -text
+tools/zipr_ce.sh -text
 web_server/.lighttpdpassword -text
 web_server/lighttpd_conf_template -text
 web_server/www/hello_world.txt -text
diff --git a/tools/cfar_configs/cfar_probBilr_zipr.sh b/tools/cfar_configs/cfar_probBilr_zipr.sh
index 81f06b2947cf182b5d119c8e2e2f3214329d9559..6fdb14fc8c01544c984383ff2fe4761478bfb311 100755
--- a/tools/cfar_configs/cfar_probBilr_zipr.sh
+++ b/tools/cfar_configs/cfar_probBilr_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_probIlr_strata.sh b/tools/cfar_configs/cfar_probIlr_strata.sh
index 00b6d0bcdfa5a6eb4370aa1a500a7f5c0c5b46ab..086a0432e8c6a3c9e0d56907b41f2250b91eaa89 100755
--- a/tools/cfar_configs/cfar_probIlr_strata.sh
+++ b/tools/cfar_configs/cfar_probIlr_strata.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend strata --step ilr=on --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend strata --step ilr=on --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_probP1_strata.sh b/tools/cfar_configs/cfar_probP1_strata.sh
index e6717824a0d3b5963f52fb5bbc9ae9877fa83f97..70b538320eab726848a5627a967d0c5f4fd9aba8 100755
--- a/tools/cfar_configs/cfar_probP1_strata.sh
+++ b/tools/cfar_configs/cfar_probP1_strata.sh
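Review bot: The new command line in cfar_probBilr_zipr.sh still leaves `$PEASOUP_HOME` and `$(basename $0 .sh|sed "s/cfar_//")` unquoted, so an install path or script path containing whitespace is split into several arguments, and an unset `PEASOUP_HOME` makes the wrapper try to run `/tools/cfar.sh`. I would write `"${PEASOUP_HOME:?}/tools/cfar.sh" "$@" --backend zipr --config_name "$(basename "$0" .sh | sed 's/cfar_//')"`. The same applies to every other cfar_configs wrapper changed in this commit. Note also that `"$@"` forwards however many arguments the caller gives, where the old form always passed exactly three words, so callers that relied on empty placeholders now shift the fixed options forward.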
@@ -1,3 +1,3 @@
 #!/bin/bash
-SPASM_SEED=$$ $PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
+SPASM_SEED=$$ $PEASOUP_HOME/tools/cfar.sh "$@" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_probP1_zipr.sh b/tools/cfar_configs/cfar_probP1_zipr.sh
index 99b4fd0b162bafba684f50f9d0dd752cb3106ab1..072c34081807d110221ee68a38e07d3ce0735a64 100755
--- a/tools/cfar_configs/cfar_probP1_zipr.sh
+++ b/tools/cfar_configs/cfar_probP1_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step p1transform=on --step-option zipr:"--zipr:seed $$" --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step p1transform=on --step-option zipr:"--zipr:seed $$" --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_structNoc_probP1_probHeaprand_zipr.sh b/tools/cfar_configs/cfar_structNoc_probP1_probHeaprand_zipr.sh
index 7e358e5f0c0e6df4429fb53e8fee89c48d8a1983..1baba32a8fd1c99df57a3422632991684cc26ec5 100755
--- a/tools/cfar_configs/cfar_structNoc_probP1_probHeaprand_zipr.sh
+++ b/tools/cfar_configs/cfar_structNoc_probP1_probHeaprand_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//") --diehard
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//") --diehard
diff --git a/tools/cfar_configs/cfar_structNoc_probP1_zipr.sh b/tools/cfar_configs/cfar_structNoc_probP1_zipr.sh
index 4a03f6f604cf41e50423196ab5122224763ab2ac..a39f99ca6e0dca6612f06ac9f4f0d19300f4cf44 100755
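Review bot: `SPASM_SEED=$$` in cfar_probP1_strata.sh, and `--zipr:seed $$` in the six zipr wrappers that pass it (cfar_probP1_zipr.sh and the structNoc / structP1Canaries variants), seed the transformation with the shell's process ID, which is a small and guessable value. If the seed determines the randomised layout of the protected binary (an assumption, since the engines are not part of this diff), anyone who can bound the PID can narrow the set of possible layouts. Consider taking the seed from the kernel instead, for example `seed=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')`, and recording it in the build log if runs need to be reproducible.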
--- a/tools/cfar_configs/cfar_structNoc_probP1_zipr.sh
+++ b/tools/cfar_configs/cfar_structNoc_probP1_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_structNoc_structP1Canaries_probBilr_zipr.sh b/tools/cfar_configs/cfar_structNoc_structP1Canaries_probBilr_zipr.sh
index 2075d1dd445ee163ac99386f16bec0ce64394e56..93f4f3f0685e5e189c3330c39655e5d1350f0e80 100755
--- a/tools/cfar_configs/cfar_structNoc_structP1Canaries_probBilr_zipr.sh
+++ b/tools/cfar_configs/cfar_structNoc_structP1Canaries_probBilr_zipr.sh
@@ -3,7 +3,7 @@ echo NOC+Bilr generates working binaries, but Bilr is not yet applied. Avoid this config for now. exit 1 -$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --structured_noc --step-option zipr:"--large_only:on true" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//") +$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --structured_noc --step-option zipr:"--large_only:on true" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//") # --step-option zipr:"--zipr:seed $$"
diff --git a/tools/cfar_configs/cfar_structNoc_structP1Canaries_zipr.sh b/tools/cfar_configs/cfar_structNoc_structP1Canaries_zipr.sh
index c82d1c8785f211c42595d13aacea1d82716a4ebb..cd2fb5d85444663723bf04c65ca367258bad9f76 100755
--- a/tools/cfar_configs/cfar_structNoc_structP1Canaries_zipr.sh
+++ b/tools/cfar_configs/cfar_structNoc_structP1Canaries_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_structNoc_zipr.sh b/tools/cfar_configs/cfar_structNoc_zipr.sh
index 131c56379fbc43cc227f29dde4cf3eb4705685c1..095f63624bfb144de55eb99b5d9e2a8deda7257f 100755
--- a/tools/cfar_configs/cfar_structNoc_zipr.sh
+++ b/tools/cfar_configs/cfar_structNoc_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_noc --step-option zipr:"--large_only:on true" --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/cfar_configs/cfar_structP1Canaries_zipr.sh b/tools/cfar_configs/cfar_structP1Canaries_zipr.sh
index 7e5082616849aeb519ee4edf9a5a6ed34d4dbad9..0c3ca5bc9b6dde4fd5d04bcf769a30384fc20996 100755
--- a/tools/cfar_configs/cfar_structP1Canaries_zipr.sh
+++ b/tools/cfar_configs/cfar_structP1Canaries_zipr.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
-$PEASOUP_HOME/tools/cfar.sh "$1" "$2" "$3" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
+$PEASOUP_HOME/tools/cfar.sh "$@" --backend zipr --step-option zipr:"--zipr:seed $$" --structured_p1_canaries --step p1transform=on --config_name $(basename $0 .sh|sed "s/cfar_//")
diff --git a/tools/do_gatherlibs.sh b/tools/do_gatherlibs.sh index 749a107a51ef865b48e7c11989117a2c917f8009..e789d462899b1827905ca2fc723560ae18779937 100755 --- a/tools/do_gatherlibs.sh +++ b/tools/do_gatherlibs.sh @@ -19,6 +19,8 @@ safe_dir_list=" /lib /lib/tls/i686/cmov \ exe=$0 +these="" + # parse arguments while [[ $# > 0 ]] @@ -41,6 +43,15 @@ do echo "Using default safe list:" echo "$safe_dir_list" + ;; + --protectthese) + if [[ $# < 1 ]]; then + echo "--protectthese needs an option" + exit 1 # reported error + fi + shift + these="$1" + echo "Protecting these files: $1" ;; --safelist) if [[ $# < 1 ]]; then @@ -54,7 +65,7 @@ do ;; *|--usage) echo "Usage: " - echo " $exe { --main_exe_only | --all | --safe | --usage | --safelist 'list' }" + echo " $exe { --main_exe_only | --all | --safe | --usage | --safelist 'path1 path2 ...' | --protectthese 'lib1.so lib2.so ...'}" exit 1 # report error as we didnt parse all options, etc. ;; esac @@ -85,6 +96,21 @@ mkdir shared_objects rm -f shared_libs touch shared_libs + +if [ X"$these" != "X" ]; then + for i in $these + do + if [ ! -f $i ]; then + echo Missing library file $i + exit 255 + fi + cp $i shared_objects + echo `basename $i` >> shared_libs + done + # after copying all libraries, we're done. we were told explicitly what to protect + exit 0 +fi + libs=`$PEASOUP_HOME/tools/getlibs.sh a.ncexe` if [ $? -ne 0 ]; then diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh index 0d8aa6cb44c5037301d187312f0b092b7c594040..1127b0f8b7631a156d6b766f7c4aa23e300332b6 100755 --- a/tools/ps_analyze.sh +++ b/tools/ps_analyze.sh @@ -41,6 +41,8 @@ TWITCHER_TRANSFORM_TIMEOUT_VALUE=1800 # Setting PN timeout to 6 hours for TNE. PN_TIMEOUT_VALUE=21600 +export backend=strata + # # set default values for # 
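Review bot: The argument check in the new `--protectthese)` arm of do_gatherlibs.sh cannot fire: it runs before `shift`, so `$#` still counts the option itself, and `<` inside `[[ ]]` is a string comparison rather than a numeric one. When the value is missing, `these` ends up empty and the script silently takes the default gathering path instead of reporting the error. Shift first and test what is left, e.g. `shift; if (( $# < 1 )); then`. The `--safelist)` arm shown as context uses the same test, and the enclosing `while`/`case` starts outside this hunk.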
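Review bot: The copy loop added after `touch shared_libs` uses `$i` unquoted in the test, the `cp` and the `basename` call, so a library path containing whitespace or glob characters is split or expanded, and a name beginning with `-` is read by `cp` as an option. Two libraries with the same basename in different directories also overwrite each other in shared_objects without any message. Quote the expansions and end option parsing: `[ -f "$i" ]`, `cp -- "$i" shared_objects`, `basename -- "$i" >> shared_libs`. The early `exit 0` skips everything after the `getlibs.sh` call, which continues outside this hunk, so it is worth confirming nothing later in the script is still required for explicitly listed libraries.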
@@ -242,11 +244,13 @@ check_options() -b|--backend) if [ "X$2" = "Xzipr" ]; then echo using Zipr backend + export backend="zipr" phases_spec=" $phases_spec stratafy_with_pc_confine=off generate_spri=off spasm=off fast_annot=off zipr=on\ preLoaded_ILR1=off preLoaded_ILR2=off fast_spri=off " step_options_gather_libraries="$step_options_gather_libraries --main_exe_only" elif [ "X$2" = "Xstrata" ]; then echo using Strata backend + export backend="strata" # strata is default, do nothing. fi shift 2 @@ -785,8 +789,6 @@ perform_step heaprand pc_confine,double_free $PEASOUP_HOME/tools/update_env_ perform_step controlled_exit none $PEASOUP_HOME/tools/update_env_var.sh STRATA_CONTROLLED_EXIT 1 perform_step detect_server pc_confine $PEASOUP_HOME/tools/update_env_var.sh STRATA_DETECT_SERVERS 1 perform_step diehard none $PEASOUP_HOME/tools/update_env_var.sh DO_DIEHARD 1 -#perform_step return_cache none $PEASOUP_HOME/tools/update_env_var.sh STRATA_RC 1 -#perform_step partial_inlining none $PEASOUP_HOME/tools/update_env_var.sh STRATA_PARTIAL_INLINING 0 perform_step rekey none $PEASOUP_HOME/tools/update_env_var.sh STRATA_REKEY_AFTER 5000 perform_step double_free heaprand $PEASOUP_HOME/tools/update_env_var.sh STRATA_DOUBLE_FREE 1 perform_step pc_confine none $PEASOUP_HOME/tools/update_env_var.sh STRATA_PC_CONFINE 1 diff --git a/tools/zanalyze.sh b/tools/zanalyze.sh new file mode 100755 index 0000000000000000000000000000000000000000..e8eb34c87bc3e803327b5201f67ab2807cb93bc8 --- /dev/null +++ b/tools/zanalyze.sh 
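Review bot: In the `-b|--backend)` arm of ps_analyze.sh, `backend` is set only in the `zipr` and `strata` branches and there is no `else`, so a misspelt value is consumed by `shift 2` and the run continues with the exported default `strata`. Now that the value is exported for child steps, an unknown backend should stop the run rather than quietly select a different protection path: add `else echo "Unknown backend: $2" >&2; exit 1` before the `fi`. `backend` is also a very generic name to put in the environment of every child process; a prefixed name would be less likely to collide, though the consumers are not visible in this diff. check_options starts and ends outside this hunk.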
@@ -0,0 +1,255 @@
+#/bin/bash
+
+
+usage()
+{
+ echo '
+zanalyze.sh
+
+ # this scren
+ --help
+
+ # specify input.
+ (
+ (--inzar|-z) <input.zar> |
+ (-i|--infiles) "file1 file2 file3 ..." |
+ (-m|--inmanifest) <input.json>
+ )
+
+ # specify output.
+ (-o|--outfile| <output.zar,output.exe,... defaults to $input.protected.zar>)
+
+ # specify how to protect the input.
+ [(-p|—protection_engine) </path/to/pretection engine and options>
+ e.g. cfar.sh|ps_analyze.sh|ps_analyze_cgc.sh|cfar_probP1_zipr.sh|cfar_probP1_strata.sh
+ defaults to "$P_H/tools/ps_analyze.sh --backend zipr">
+ ]
+
+ # specify one-by-one or all-at-once protection (zipr/strata differences in protection engines)
+ [(-x|--pe_mode) [(i|individual)|(m|multi)
+ defaults to "-x i"
+ ]
+
+ # Specify a collection engine -- this is a "finishing" step after the protection engine has finished
+ # processing all the inputs. Can be used to collect results into installers, tarballs, etc.
+ (-c|—collection-engine) <engine and options, defaults to "$PEASOUP_HOME/tools/zipr_ce.sh>"
+
+ # specify a path for an output file containing a description of what happened -- for future expansion, ignored for now.
+ [(-s|--output_spec) <filename.attr>]
+'
+
+}
+
+check_options()
+{
+
+
+ # Note that we use `"$@"' to let each command-line parameter expand to a
+ # separate word. The quotes around `$@' are essential!
+ # We need TEMP as the `eval set --' would nuke the return value of getopt.
+ short_opts="z:i:m:o:p:x:c:s:h"
+ long_opts="--long inzar:
+ --long infiles:
+ --long inmanifest:
+ --long outfile:
+ --long protection_engine:
+ --long pe_mode:
+ --long collection_engine
+ --long output_spec:
+ --long help
+ "
+
+ # solaris does not support long option names
+ if [ `uname -s` = "SunOS" ]; then
+ TEMP=`getopt $short_opts "$@"`
+ else
+ TEMP=`getopt -o $short_opts $long_opts -n 'zanalyze.sh' -- "$@"`
+ fi
+
+
+ # error check #
+ if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit -1 ; fi
+
+ # Note the quotes around `$TEMP': they are essential!
+ eval set -- "$TEMP"
+
+ while true ; do
+ case "$1" in
+ --help|-h)
+ usage;
+ exit 1
+ ;;
+# --inzar|-z)
+# echo "not impl'd"
+# exit 1
+# ;;
+# --inmanifest|-m)
+# echo "not impl'd"
+# exit 1
+# ;;
+ --infiles|-i)
+ infiles="$2"
+ shift 2
+ ;;
+ --outfile|-o)
+ outfile="-o $2"
+ shift 2
+ ;;
+ --protection_engine|-p)
+ protection_engine="$2"
+ shift 2
+ ;;
+ --pe_mode|-x)
+ if [ "X$2" = "Xi" ]; then
+ pe_mode="individual"
+ elif [ "X$2" = "Xindividual" ]; then
+ pe_mode="individual"
+ elif [ "X$2" = "Xm" ]; then
+ pe_mode="multi"
+ elif [ "X$2" = "multi" ]; then
+ pe_mode="multi"
+ else
+ echo "--pe_mode $pe_mode not understood"
+ exit 1
+ fi
+ shift 2
+ ;;
+ --collection_engine|-c)
+ collection_engine="$2"
+ shift 2
+ ;;
+# --output_spec|-s)
+# output_spec="--output_spec $2"
+# shift 2
+# ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo "Internal error!"
+ echo found option "$1"
+
+ exit -2
+ ;;
+ esac
+ done
+
+ # report errors if found
+ if [ ! -z $1 ]; then
+ echo Unparsed/unimplemented parameters:
+ for arg do echo '--> '"\`$arg'" ; done
+ exit 3;
+ fi
+
+}
+
+check_environ_vars()
+{
+
+ while [ true ];
+ do
+
+ # done?
+ if [ -z $1 ]; then
+ return;
+ fi
+
+ # create the $ENVNAME string in varg
+ varg="\$$1"
+
+ # find out the environment variable's setting
+ eval val=$varg
+
+ if [ -z $val ]; then echo Please set $1; exit 1; fi
+
+ shift
+ done
+
+}
+
+
+expand_zar()
+{
+ # do nothing yet
+ # eventually expand and set infile to set of input files
+ echo -n
+}
+
+do_individual_protection()
+{
+ seq=0
+ for i in $infiles
+ do
+ file=$PWD/manifest$seq.attr
+ echo Attempting: $engine $i $i.protected $engine_options --step output_spec=on --step-option output_spec:"--file $file"
+ $engine $i $i.protected $engine_options --step output_spec=on --step-option output_spec:"--file $file"
+ engine_res="$?"
+
+ if [ $engine_res != 0 ]; then
+ echo "Engine protection failed. Aborting..."
+ exit $engine_res
+ fi
+ seq=$(expr $seq + 1)
+
+ intermediate_attribute_files="$intermediate_attribute_files $file"
+ done
+}
+
+do_multi_protection()
+{
+ echo "Multi protection not yet implemented."
+ exit 1
+}
+
+invoke_collection_engine()
+{
+ echo "Attempting: $collection_engine --attrfiles '$intermediate_attribute_files' $outfile"
+ $collection_engine --attrfiles "$intermediate_attribute_files" $outfile
+}
+
+
+parse_protection_engine()
+{
+ engine=$(echo $protection_engine | cut -d' ' -f1)
+ engine_options=$(echo $protection_engine' ' | cut -d' ' -f2-)
+
+}
+
+main()
+{
+
+ check_environ_vars PEASOUP_HOME
+
+ outspec=""
+ intermediate_attribute_files=""
+ collection_engine="$PEASOUP_HOME/tools/zipr_ce.sh"
+ protection_engine="$PEASOUP_HOME/tools/ps_analyze.sh --backend zipr"
+ pe_mode="individual"
+ outfile="-o output.zar"
+
+ check_options "$@"
+
+ parse_protection_engine
+
+ expand_zar
+
+ if [ "$pe_mode" = "individual" ]; then
+ do_individual_protection
+ elif [ "$pe_mode" = "multi" ]; then
+ do_multi_protection
+ else
+ echo "--pe_mode $pe_mode not understood"
+ exit 1
+ fi
+
+ invoke_collection_engine
+
+
+ echo Infile=$infiles
+
+}
+
+
+# execute the program
+main "$@"
diff --git a/tools/zipr_ce.sh b/tools/zipr_ce.sh
new file mode 100755
index 0000000000000000000000000000000000000000..6480a97632894f79e5769be1b2430c65721bbf24
--- /dev/null
+++ b/tools/zipr_ce.sh
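Review bot: Three one-character slips in zanalyze.sh change its behaviour: the first line `#/bin/bash` lacks the `!`, so it is an ordinary comment and the interpreter depends on whoever invokes the script; `--long collection_engine` has no trailing colon, so getopt does not give the long form an argument although its case arm reads `$2` and does `shift 2`; and `elif [ "X$2" = "multi" ]` lacks the `X` prefix, so `-x multi` is rejected. The corrected lines are `#!/bin/bash`, `--long collection_engine:` and `elif [ "X$2" = "Xmulti" ]; then`. The rejection message prints `$pe_mode`, which still holds the default, rather than the offending `$2`, and `-z`, `-m` and `-s` are accepted by getopt but have no case arm, so they end in "Internal error!". In `do_individual_protection` the expansions `$i` and `$file` are unquoted, so an input path containing whitespace is split before it reaches the protection engine.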
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+usage()
+{
+echo "
+
+Usage:
+ zipr_ce.sh (--help|-h|--usage)
+ zipr_ce.sh --(-a|--attrfiles) 'file1 file2 file3 ...' (-o|--output) <output.zar>
+"
+}
+
+check_options()
+{
+
+
+ # Note that we use `"$@"' to let each command-line parameter expand to a
+ # separate word. The quotes around `$@' are essential!
+ # We need TEMP as the `eval set --' would nuke the return value of getopt.
+ short_opts="a:o:h"
+ long_opts="--long attrfiles:
+ --long ouput:
+ --long help
+ --long usage
+ "
+
+ # solaris does not support long option names
+ if [ `uname -s` = "SunOS" ]; then
+ TEMP=`getopt $short_opts "$@"`
+ else
+ TEMP=`getopt -o $short_opts $long_opts -n 'zanalyze.sh' -- "$@"`
+ fi
+
+
+ # error check #
+ if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit -1 ; fi
+
+ # Note the quotes around `$TEMP': they are essential!
+ eval set -- "$TEMP"
+
+ while true ; do
+ case "$1" in
+ --help|-h|--usage)
+ usage;
+ exit 1
+ ;;
+ --outfile|-o)
+ outfile="$2"
+ shift 2
+ ;;
+ --attrfiles|-a)
+ attrfiles="$2"
+ shift 2
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo "Internal error!"
+ echo found option "$1"
+
+ exit -2
+ ;;
+ esac
+ done
+ # report errors if found
+ if [ ! -z $1 ]; then
+ echo Unparsed/unimplemented parameters:
+ for arg do echo '--> '"\`$arg'" ; done
+ exit 3;
+ fi
+
+}
+
+tarfiles()
+{
+
+ for attrfile in $attrfiles
+ do
+ exefile=$(cat $attrfile |grep "#ATTRIBUTE output_file="|sed "s/#ATTRIBUTE output_file=//")
+ exefiles="$exefiles $exefile"
+ done
+
+ tar cf $outfile $exefiles
+
+
+}
+
+main()
+{
+ check_options "$@"
+ tarfiles
+
+ echo Complete.
+}
+
+
+main "$@"
+
+
+
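Review bot: `tarfiles` in zipr_ce.sh runs `tar cf $outfile $exefiles` with both expansions unquoted and never checks that `-o` was given; with `outfile` empty, tar takes the first collected executable as the archive name and overwrites it. The member names come from `#ATTRIBUTE output_file=` lines in the attribute files, so a value starting with `-` would be parsed by tar as an option, and a path with whitespace is split. `--long ouput:` is also misspelt and matches neither the `--outfile|-o)` arm nor the `--output` shown in usage, so only the short `-o` works, and getopt is still called with `-n 'zanalyze.sh'`. The rewrite below requires an output name, collects the names in an array and passes `--` before them; it assumes one `output_file` line per attribute file.

```shell
tarfiles()
{
    local attrfile exefile
    local -a exefiles=()

    if [ -z "$outfile" ]; then
        echo "zipr_ce.sh: an output file (-o) is required" >&2
        exit 1
    fi

    # $attrfiles is a space-separated list by design, so it is split on purpose.
    for attrfile in $attrfiles
    do
        exefile=$(sed -n 's/#ATTRIBUTE output_file=//p' "$attrfile") || exit 1
        if [ -z "$exefile" ]; then
            echo "zipr_ce.sh: no output_file attribute in $attrfile" >&2
            exit 1
        fi
        exefiles+=("$exefile")
    done

    # "--" keeps a member name that starts with "-" from being read as an option.
    tar cf "$outfile" -- "${exefiles[@]}"
}
```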