From dda1f84f6704855b2dddd919d9e74d9dc29b130b Mon Sep 17 00:00:00 2001 From: jdh8d <jdh8d@git.zephyr-software.com> Date: Tue, 30 Sep 2014 16:55:54 +0000 Subject: [PATCH] Merged trunk, added CGC spawner to open files for Strata, as necessary. Won't be useful for competition, but useful for analysis Former-commit-id: 21066cf2f6eb7a1f43226c8e83d027db5c8918c8 --- .gitattributes | 11 +++ Makefile | 2 + cgc_spri/Makefile | 7 ++ cgc_spri/spawn_with_spri_open.c | 33 +++++++ tools/add_ifunc_attr.sh | 10 ++ tools/db/job.create.tbl | 23 +++++ tools/db/job.drop.tbl | 2 + tools/db/job_spec_register.sh | 9 ++ tools/db/job_spec_update.sh | 14 +++ tools/db/job_status_report.sh | 66 +++++++++++++ tools/db/pdb.drop.tbl | 4 +- tools/db/pdb_setup.sh | 1 + tools/db/pdb_teardown.sh | 1 + tools/do_appfw.sh | 4 +- tools/do_rss.sh | 15 +++ tools/do_spawner.sh | 4 + tools/ps_analyze.sh | 167 +++++++++++++++++++++++++++----- tools/ps_analyze_cgc.sh | 7 ++ tools/ps_run.sh | 4 +- 19 files changed, 354 insertions(+), 30 deletions(-) create mode 100644 cgc_spri/Makefile create mode 100644 cgc_spri/spawn_with_spri_open.c create mode 100755 tools/add_ifunc_attr.sh create mode 100644 tools/db/job.create.tbl create mode 100644 tools/db/job.drop.tbl create mode 100755 tools/db/job_spec_register.sh create mode 100755 tools/db/job_spec_update.sh create mode 100755 tools/db/job_status_report.sh create mode 100755 tools/do_rss.sh create mode 100644 tools/do_spawner.sh create mode 100755 tools/ps_analyze_cgc.sh diff --git a/.gitattributes b/.gitattributes index 863fc9504..4d9118074 100644 --- a/.gitattributes +++ b/.gitattributes @@ -17,6 +17,8 @@ c++_examples/newdelete4.cpp -text c++_examples/newdelete5.cpp -text c++_examples/newdelete6.cpp -text c++_examples/throw.cpp -text +cgc_spri/Makefile -text +cgc_spri/spawn_with_spri_open.c -text chopzero_src/Makefile -text chopzero_src/chopzero.c -text demos/Makefile -text 
@@ -388,11 +390,17 @@ tests/zsh/tests/test3.sh -text tests/zsh/tests/test4.sh -text tests/zsh/tests/test5.sh -text tests/zsh/tests/test6.sh -text +tools/add_ifunc_attr.sh -text tools/bed.sh -text tools/bed_blackbox.sh -text tools/bed_manual.sh -text tools/cover.sh -text tools/db/drop_my_tables.sh -text +tools/db/job.create.tbl -text +tools/db/job.drop.tbl -text +tools/db/job_spec_register.sh -text +tools/db/job_spec_update.sh -text +tools/db/job_status_report.sh -text tools/db/pdb.create.tbl -text tools/db/pdb.createprogram.tbl -text tools/db/pdb.drop.tbl -text @@ -3177,6 +3185,8 @@ tools/do_makepeasoupbinary.sh -text tools/do_manual_cover.sh -text tools/do_manualtests.sh -text tools/do_p1transform.sh -text +tools/do_rss.sh -text +tools/do_spawner.sh -text tools/empty.json -text tools/fast_annot.sh -text tools/fast_spri.sh -text @@ -6312,6 +6322,7 @@ tools/ps_analyze-lib.sh -text tools/ps_analyze.sh -text tools/ps_analyze4.sh -text tools/ps_analyze64.sh -text +tools/ps_analyze_cgc.sh -text tools/ps_comp++.sh -text tools/ps_comp.sh -text tools/ps_create_installer.sh -text diff --git a/Makefile b/Makefile index 97d44bec5..30e93ab3e 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,12 @@ all: cd chopzero_src; make + cd cgc_spri; make #cd tools/pin; make clean: cd chopzero_src; make clean cd examples; make clean cd demos; make clean + cd cgc_spri; make clean diff --git a/cgc_spri/Makefile b/cgc_spri/Makefile new file mode 100644 index 000000000..9798a2ec3 --- /dev/null +++ b/cgc_spri/Makefile @@ -0,0 +1,7 @@ + + +spawner: *.c + gcc *.c -o $@ + +clean: + rm -f *.o spawner diff --git a/cgc_spri/spawn_with_spri_open.c b/cgc_spri/spawn_with_spri_open.c new file mode 100644 index 000000000..1ffad3741 --- /dev/null +++ b/cgc_spri/spawn_with_spri_open.c 
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+
+
+int main( int argc, char* argv[])
+{
+ char* spri_file=getenv("STRATA_SPRI_FILE");
+ if(spri_file)
+ {
+ int fd=open(spri_file, O_RDONLY);
+ if(fd==-1)
+ {
+ perror(__FUNCTION__);
+ }
+ int fd2=dup2(fd,990);
+ if(fd2==-1)
+ {
+ perror(__FUNCTION__);
+ }
+ close(fd);
+ }
+ char* exe=getenv("SPAWNER_EXE_FILE");
+ if(!exe)
+ {
+ fprintf(stderr,"Cannot find file to spawn.");
+ }
+ execvp(exe, argv);
+}
diff --git a/tools/add_ifunc_attr.sh b/tools/add_ifunc_attr.sh
new file mode 100755
index 000000000..564f51653
--- /dev/null
+++ b/tools/add_ifunc_attr.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+infile=$1
+annotfile=$2
+
+for ifunc in `nm $infile|grep " i "|cut -f3 -d" "`
+do
+ cat $annotfile|sed "s/ FUNC GLOBAL $ifunc / FUNC GLOBAL $ifunc IFUNC /" > $annotfile.tmp.$$
+ mv $annotfile.tmp.$$ $annotfile
+done
diff --git a/tools/db/job.create.tbl b/tools/db/job.create.tbl
new file mode 100644
index 000000000..97bca29e6
--- /dev/null
+++ b/tools/db/job.create.tbl
@@ -0,0 +1,23 @@
+CREATE TABLE job_spec
+(
+ job_id text PRIMARY KEY,
+ job_name text,
+ variant_id integer DEFAULT -1,
+ submitted_ts timestamp,
+ start_ts timestamp,
+ stop_ts timestamp,
+ configuration text,
+ status text,
+ installer text
+);
+
+CREATE TABLE job_status
+(
+ job_id text,
+ step text,
+ step_num integer DEFAULT -1,
+ log text,
+ start_ts timestamp,
+ stop_ts timestamp,
+ status text
+);
diff --git a/tools/db/job.drop.tbl b/tools/db/job.drop.tbl
new file mode 100644
index 000000000..e2c7e0320
--- /dev/null
+++ b/tools/db/job.drop.tbl
@@ -0,0 +1,2 @@
+DROP TABLE job_spec;
+DROP TABLE job_status;
diff --git a/tools/db/job_spec_register.sh b/tools/db/job_spec_register.sh
new file mode 100755
index 000000000..b9466d96b
--- /dev/null
+++ b/tools/db/job_spec_register.sh
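Review bot: In cgc_spri/spawn_with_spri_open.c, main() reports each failure and then carries on: a failed open() still reaches dup2(-1, 990) and close(-1), and a missing SPAWNER_EXE_FILE still reaches execvp(NULL, argv), which is not a valid call. Each failure path should exit non-zero, and a return from execvp() should be reported as well, since main currently falls off its end without saying that the exec failed. The file calls dup2, close and execvp without `#include <unistd.h>`, so they are implicitly declared. If SPAWNER_EXE_FILE is always a full path, as the ps_run.sh hunk suggests, execv would avoid the PATH lookup that execvp does for a value without a slash. The fence shows the body with the error paths added.

```c
int main( int argc, char* argv[])
{
	char* spri_file=getenv("STRATA_SPRI_FILE");
	if(spri_file)
	{
		int fd=open(spri_file, O_RDONLY);
		if(fd==-1)
		{
			perror(spri_file);
			return EXIT_FAILURE;
		}
		/* if open() already returned 990 there is nothing to move, and closing fd would close it */
		if(fd!=990)
		{
			if(dup2(fd,990)==-1)
			{
				perror("dup2");
				close(fd);
				return EXIT_FAILURE;
			}
			close(fd);
		}
	}
	char* exe=getenv("SPAWNER_EXE_FILE");
	if(!exe)
	{
		fprintf(stderr,"Cannot find file to spawn.\n");
		return EXIT_FAILURE;
	}
	execvp(exe, argv);
	/* only reached when the exec itself failed */
	perror(exe);
	return EXIT_FAILURE;
}
```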
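Review bot: In tools/add_ifunc_attr.sh the symbol names printed by nm are pasted straight into the sed expression, so a name containing `/`, `&` or another sed metacharacter changes the expression instead of being matched literally; the names come from the binary under analysis, which should be treated as untrusted input. `$infile` and `$annotfile` are also unquoted, so a path with spaces splits into several arguments. I would quote both variables and skip any name that is not a plain identifier before building the expression, for example `case "$ifunc" in *[!A-Za-z0-9_.@]*) continue ;; esac` as the first statement of the loop body. The temporary file could come from `mktemp` rather than `$annotfile.tmp.$$`.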
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+JOB_ID=$1
+NAME=$2
+VARIANT_ID=$3
+STATUS=$4
+SUBMITTED_TS=$5
+
+psql -q -t -c "INSERT INTO job_spec (job_id, job_name, variant_id, status, submitted_ts) VALUES ('$JOB_ID', '$NAME', '$VARIANT_ID', '$STATUS', '$SUBMITTED_TS')"
diff --git a/tools/db/job_spec_update.sh b/tools/db/job_spec_update.sh
new file mode 100755
index 000000000..6c6b4b3ad
--- /dev/null
+++ b/tools/db/job_spec_update.sh
@@ -0,0 +1,14 @@
+#!/bin/sh -x
+
+JOB_ID=$1
+STATUS=$2
+TIMESTAMP=$3
+INSTALLER=$4
+
+if [ $STATUS = 'pending' ]; then
+ psql -q -t -c "UPDATE job_spec SET status='$STATUS', start_ts='$TIMESTAMP' WHERE job_id='$JOB_ID'"
+elif [ $STATUS = 'error' ]; then
+ psql -q -t -c "UPDATE job_spec SET status='$STATUS', stop_ts='$TIMESTAMP' WHERE job_id='$JOB_ID'"
+else
+ psql -q -t -c "UPDATE job_spec SET status='$STATUS', stop_ts='$TIMESTAMP', installer='$INSTALLER' WHERE job_id='$JOB_ID'"
+fi
diff --git a/tools/db/job_status_report.sh b/tools/db/job_status_report.sh
new file mode 100755
index 000000000..a77f6cc6a
--- /dev/null
+++ b/tools/db/job_status_report.sh
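Review bot: The INSERT in tools/db/job_spec_register.sh is built by expanding the script's arguments inside the SQL text, so a value containing a single quote closes the literal and the rest of it is parsed as SQL. tools/db/job_spec_update.sh and tools/db/job_status_report.sh build their statements the same way, and the latter also inserts `$attributes`, text grepped from a step log that includes the step's command line. psql can quote the values itself if they are passed with `-v` and referenced as `:'name'`; that substitution is not performed on `-c` strings, so the statement has to be fed on standard input, as in the fence. `-v ON_ERROR_STOP=1` keeps a non-zero exit status on failure, which job_status_report.sh relies on. The `-x` on the `#!/bin/sh` line also prints every statement with its values to stderr.

```shell
# … unchanged: arguments copied into JOB_ID, NAME, VARIANT_ID, STATUS, SUBMITTED_TS …

psql -q -t -v ON_ERROR_STOP=1 \
	-v job_id="$JOB_ID" \
	-v job_name="$NAME" \
	-v variant_id="$VARIANT_ID" \
	-v status="$STATUS" \
	-v submitted_ts="$SUBMITTED_TS" <<'EOF'
INSERT INTO job_spec (job_id, job_name, variant_id, status, submitted_ts)
VALUES (:'job_id', :'job_name', :'variant_id', :'status', :'submitted_ts');
EOF
```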
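Review bot: The tests `[ $STATUS = 'pending' ]` and `[ $STATUS = 'error' ]` in tools/db/job_spec_update.sh expand `$STATUS` unquoted, so when the second argument is empty or missing both tests fail with a syntax error and control reaches the `else` branch, which then writes an empty status together with the installer column. Quoting the operand, `if [ "$STATUS" = 'pending' ]; then`, and rejecting an empty `$JOB_ID` or `$STATUS` before the first psql call would keep a bad invocation from issuing an UPDATE at all.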
@@ -0,0 +1,66 @@
+#!/bin/sh -x
+
+JOB_ID=$1
+STEP=$2
+STEP_NUM=$3
+STATE=$4
+TIMESTAMP=$5
+STATUS=$6
+LOGFILE=$7
+
+#####################################################
+
+usage()
+{
+ echo "report_job_status <job_id> <step_name> <step_num> [ started | completed ] <timestamp> <status> <logFile>"
+}
+
+log_error()
+{
+ echo "report_job_status: ERROR: $1"
+ exit -1
+}
+
+log_message()
+{
+ echo "report_job_status: MESSAGE: $1"
+}
+
+#####################################################
+
+if [ -z $JOB_ID ]; then
+ usage
+fi
+
+if [ -z $STEP ]; then
+ usage
+fi
+
+if [ -z $STEP_NUM ]; then
+ usage
+fi
+
+if [ -z $TIMESTAMP ]; then
+ usage
+fi
+
+if [ -z $STATUS ]; then
+ usage
+fi
+
+if [ $STATE = "started" ]; then
+ psql -q -t -c "INSERT INTO job_status (job_id, step, step_num, status, start_ts) VALUES ('$JOB_ID', '$STEP', '$STEP_NUM', '$STATUS', '$TIMESTAMP')"
+else
+ if [ -z $LOGFILE ]; then
+ psql -q -t -c "UPDATE job_status SET status='$STATUS', stop_ts='$TIMESTAMP' WHERE job_id = '$JOB_ID' AND step='$STEP'"
+ else
+ attributes=$(grep ATTRIBUTE $LOGFILE | cut -d' ' -f3-)
+ psql -q -t -c "UPDATE job_status SET status='$STATUS', stop_ts='$TIMESTAMP', log='$attributes' WHERE job_id = '$JOB_ID' AND step='$STEP'"
+ fi
+fi
+
+if [ ! $? -eq 0 ]; then
+ log_error "Failed to register job status"
+fi
+
+exit 0
diff --git a/tools/db/pdb.drop.tbl b/tools/db/pdb.drop.tbl
index e75fc9e4c..b42f9199e 100644
--- a/tools/db/pdb.drop.tbl
+++ b/tools/db/pdb.drop.tbl
@@ -1,3 +1,3 @@
-DROP TABLE program_dependency;
-DROP TABLE program_info;
+DROP TABLE variant_dependency;
+DROP TABLE variant_info;
 DROP TABLE file_info;
diff --git a/tools/db/pdb_setup.sh b/tools/db/pdb_setup.sh
index 7d489a046..5aadc308a 100755
--- a/tools/db/pdb_setup.sh
+++ b/tools/db/pdb_setup.sh
@@ -1,3 +1,4 @@ #!/bin/sh psql -f $PEASOUP_HOME/tools/db/pdb.create.tbl +psql -f $PEASOUP_HOME/tools/db/job.create.tbl
diff --git a/tools/db/pdb_teardown.sh b/tools/db/pdb_teardown.sh
index 4c48331df..5ebe4aa2b 100755
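Review bot: The argument checks at the top of tools/db/job_status_report.sh do not stop the script: `usage` only prints the synopsis and returns, so a call with a missing argument still reaches the psql commands. `$STATE` is never checked at all, and the unquoted `[ $STATE = "started" ]` treats anything other than `started`, including an empty value, as a completion and runs the UPDATE. I would end `usage` with `exit 1`, quote the operands (`[ -z "$JOB_ID" ]`, `grep ATTRIBUTE "$LOGFILE"`), and accept only `started` or `completed` for `$STATE`. `exit -1` in `log_error` is not a portable status under `/bin/sh`; `exit 1` is.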
--- a/tools/db/pdb_teardown.sh +++ b/tools/db/pdb_teardown.sh @@ -1,3 +1,4 @@ #!/bin/sh psql -f $PEASOUP_HOME/tools/db/pdb.drop.tbl +psql -f $PEASOUP_HOME/tools/db/job.drop.tbl diff --git a/tools/do_appfw.sh b/tools/do_appfw.sh index 889aa6cca..ab0e196ec 100755 --- a/tools/do_appfw.sh +++ b/tools/do_appfw.sh @@ -11,7 +11,7 @@ $PEASOUP_HOME/tools/generate_string_signatures.sh "$program" "$program.sigs" $fi cp $program.sigs $program.sigs.orig # copy application firewall library -# for now, it's only SQL -cp $SECURITY_TRANSFORMS_HOME/appfw/lib/libappfw.so${bits} libappfw.so +cp $SECURITY_TRANSFORMS_HOME/appfw/lib/${bits}/libappfw.so libappfw.so +#cp $SECURITY_TRANSFORMS_HOME/appfw/lib/${bits}/libappfw.so libappfw.so $PEASOUP_HOME/tools/update_env_var.sh DO_APPFW 1 diff --git a/tools/do_rss.sh b/tools/do_rss.sh new file mode 100755 index 000000000..22b9bb8b2 --- /dev/null +++ b/tools/do_rss.sh @@ -0,0 +1,15 @@ +#!/bin/bash -x + + +# +# This env. var tells Strata to insert RSS-ing. +# However, we're doing the RSSing via SPRI/IRDB. +# So we need to leave this env. var off. +# +# $PEASOUP_HOME/tools/update_env_var.sh STRATA_SHADOW_STACK 1 + +$SECURITY_TRANSFORMS_HOME/tools/ret_shadow_stack/ret_shadow_stack.exe $* + + + + diff --git a/tools/do_spawner.sh b/tools/do_spawner.sh new file mode 100644 index 000000000..b45b4196e --- /dev/null +++ b/tools/do_spawner.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +mv a.stratafied spawned +cp $PEASOUP_HOME/cgc_spri/spawner a.stratafied diff --git a/tools/ps_analyze.sh b/tools/ps_analyze.sh index 28e9f3f30..ba083b073 100755 --- a/tools/ps_analyze.sh +++ b/tools/ps_analyze.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # # ps_analyze.sh - analyze a program and transform it for peasoupification to prevent exploit. # 
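Review bot: tools/do_rss.sh forwards its arguments with an unquoted `$*`, which re-splits them on whitespace and expands any glob characters before ret_shadow_stack.exe sees them; `"$@"` passes each argument through unchanged. tools/ps_analyze_cgc.sh does the same in front of ps_analyze.sh, where the first argument appears to be the program path, so a path containing a space would be split there. The replacement line here is `$SECURITY_TRANSFORMS_HOME/tools/ret_shadow_stack/ret_shadow_stack.exe "$@"`.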
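Review bot: tools/do_spawner.sh is added with mode 100644, while the other new scripts in this patch are 100755 and ps_analyze.sh runs the step as `$PEASOUP_HOME/tools/do_spawner.sh` directly, so as committed the spawner step would likely fail with a permission error until the mode is fixed. The two commands are also unchecked: if the `cp` fails, for instance because cgc_spri/spawner was not built, `a.stratafied` has already been renamed and the script still exits with the status of its last command only by accident of ordering. Chaining them, `mv a.stratafied spawned && cp "$PEASOUP_HOME/cgc_spri/spawner" a.stratafied`, or starting the script with `set -e`, makes the step report either failure.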
@@ -14,12 +14,20 @@ ulimit -s unlimited watchdog_val=30 errors=0 +# record statistics in database? +record_stats=0 + # DEFAULT TIMEOUT VALUE INTEGER_TRANSFORM_TIMEOUT_VALUE=1800 TWITCHER_TRANSFORM_TIMEOUT_VALUE=1800 # Setting PN timeout to 6 hours for TNE. PN_TIMEOUT_VALUE=21600 +# +# set default values for +# +initial_off_phases="isr ret_shadow_stack determine_program stats spawner" + #non-zero to use canaries in PN/P1, 0 to turn off canaries #DO_CANARIES=1 #on for on and off for off @@ -31,6 +39,9 @@ intxform_detect_fp=1 # default: detect benign false positives is on # but if determine_program is off, it's a no-op intxform_instrument_idioms=0 # default: do not instrument instructions marked as IDIOM by STARS +# JOBID + +JOBID="$(basename $1)-$$" # # By default, big data approach is off @@ -153,7 +164,7 @@ check_options() # Note that we use `"$@"' to let each command-line parameter expand to a # separate word. The quotes around `$@' are essential! # We need TEMP as the `eval set --' would nuke the return value of getopt. - TEMP=`getopt -o s:t:w: --long step-option: --long integer_warnings_only --long integer_instrument_idioms --long integer_detect_fp --long no_integer_detect_fp --long step: --long timeout: --long manual_test_script: --long manual_test_coverage_file: --long watchdog: -n 'ps_analyze.sh' -- "$@"` + TEMP=`getopt -o s:t:w: --long step-option: --long integer_warnings_only --long integer_instrument_idioms --long integer_detect_fp --long no_integer_detect_fp --long step: --long timeout: --long id: --long manual_test_script: --long manual_test_coverage_file: --long watchdog: -n 'ps_analyze.sh' -- "$@"` # error check # if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit -1 ; fi @@ -209,6 +220,10 @@ check_options() set_timer $2 & TIMER_PID=$! shift 2 ;; + --id) + JOBID=$2 + shift 2 + ;; --) shift break ;; 
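Review bot: `JOBID="$(basename $1)-$$"` sits at the top level of ps_analyze.sh, ahead of option parsing, and expands `$1` unquoted, so a first argument containing whitespace makes basename see several operands and one beginning with `-` is read as an option. This value, or whatever is given to the new `--id` option, is later handed to the job_*.sh scripts that place it in SQL text, so it is worth constraining where it is set. I would write `JOBID="$(basename -- "$1")-$$"` and, in the `--id` case, reject values outside a fixed character set such as `[A-Za-z0-9._-]`.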
@@ -233,24 +248,33 @@ check_options() exit -3; fi - # --step determine_program=(on|off) not specified on the command line - # default policy is off - # to make the default policy on, get rid of this block of code - echo $phases_off|egrep "determine_program" > /dev/null - if [ ! $? -eq 0 ]; - then - # by default it's off - phases_off="$phases_off determine_program=off" - fi + for phase in $initial_off_phases + do - # turn off isr - phases_off="$phases_off isr=off" + # --step $phase=(on|off) not specified on the command line + # default policy is off + # to make the default policy on, get rid of this block of code + echo $phases_off|egrep "$phase=" > /dev/null + if [ ! $? -eq 0 ]; + then + # by default it's off + phases_off="$phases_off $phase=off" + fi + done # turn off heaprand and double_free if twitcher is on for now is_step_on twitchertransform if [[ $? = 1 && "$TWITCHER_HOME" != "" ]]; then phases_off="$phases_off heaprand=off double_free=off" fi + + # + # turn on/off recording of statistics + # + is_step_on stats + if [[ $? = 1 ]]; then + record_stats=1 + fi } @@ -259,7 +283,7 @@ check_options() # is_step_on() { - step=$1 + local step=$1 echo $phases_off|egrep "$step=off" > /dev/null if [ $? -eq 0 ] ; then @@ -314,6 +338,29 @@ stop_if_error() esac } +# +# Check dependencies +# +check_dependencies() +{ + # format is: step1,step2,step3 + local dependency_list=$1 + + # extract each step, make sure step is turned on + local steps=$(echo $dependency_list | tr "," "\n") + for s in $steps + do + if [[ "$s" != "none" && "$s" != "mandatory" ]]; then + is_step_on $s + if [ $? -eq 0 ]; then + return 0 + fi + fi + done + + return 1 +} + # # Detect if this step of the computation is on, and execute it. # 
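Review bot: check_dependencies has no comment describing its return convention, which is the reverse of the usual shell one: it returns 0 as soon as one listed step is off and 1 when all of them are on, matching is_step_on. It also tests only whether a step is enabled, not whether it ran successfully, although perform_step prints "failed dependencies" on this result. I would replace the `# Check dependencies` header with a comment stating both facts, e.g. `# returns 1 if every step in the comma-separated list is enabled, 0 if any is off; does not check step results`.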
@@ -325,16 +372,33 @@ perform_step() shift command="$*" + logfile=logs/$step.log + is_step_on $step if [ $? -eq 0 ]; then echo Skipping step $step. [dependencies=$mandatory] return 0 fi - logfile=logs/$step.log + starttime=`date --iso-8601=seconds` + + # optionally record stats + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_status_report.sh "$JOBID" "$step" "$stepnum" started "$starttime" inprogress + fi + + if [[ "$mandatory" != "none" && "$mandatory" != "mandatory" ]]; then + check_dependencies $mandatory + if [ $? -eq 0 ]; then + echo Skipping step $step because of failed dependencies. [dependencies=$mandatory] + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_status_report.sh "$JOBID" "$step" "$stepnum" completed "$starttime" error + fi + return 0 + fi + fi echo -n Performing step "$step" [dependencies=$mandatory] ... - starttime=`date --iso-8601=seconds` # If verbose is on, tee to a file if [ ! -z "$DEBUG_STEPS" ]; then 
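Review bot: When check_dependencies reports a disabled prerequisite, the added branch in perform_step records the step as `error` in the database but then returns 0 after only an echo, so within the lines shown nothing marks the run itself as degraded. Steps such as p1transform and integertransform now depend on `meds_static,clone`, so a transform can be skipped this way while the final job_spec status may still end up `success`; whether `errors` is updated elsewhere cannot be seen here, since perform_step starts and ends outside the hunk. If a skipped protection step should be visible in the result, the branch could set `errors=1` before `return 0`. The "started" row is also written before the dependency check, so a skipped step gets both a start and an error record.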
@@ -347,14 +411,27 @@ perform_step() $command > $logfile 2>&1 command_exit=$? fi + + endtime=`date --iso-8601=seconds` echo "# ATTRIBUTE start_time=$starttime" >> $logfile - echo "# ATTRIBUTE end_time=`date --iso-8601=seconds`" >> $logfile + echo "# ATTRIBUTE end_time=$endtime" >> $logfile echo "# ATTRIBUTE peasoup_step_name=$step" >> $logfile echo "# ATTRIBUTE peasoup_step_number=$stepnum" >> $logfile echo "# ATTRIBUTE peasoup_step_command=$command " >> $logfile echo "# ATTRIBUTE peasoup_step_exitcode=$command_exit" >> $logfile + # report job status + if [ $command_exit -eq 0 ]; then + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_status_report.sh "$JOBID" "$step" "$stepnum" completed "$endtime" success $logfile + fi + else + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_status_report.sh "$JOBID" "$step" "$stepnum" completed "$endtime" error $logfile + fi + fi + is_step_error $step $command_exit if [ $? -ne 0 ]; then echo "Done. Command failed! ***************************************" @@ -387,7 +464,7 @@ report_logs() logfile=logs/ps_analyze.log echo "# ATTRIBUTE start_time=$ps_starttime" >> $logfile - echo "# ATTRIBUTE end_time=`date --iso-8601=seconds`" >> $logfile + echo "# ATTRIBUTE end_time=$ps_endtime" >> $logfile echo "# ATTRIBUTE peasoup_step_name=all_peasoup" >> $logfile for i in $all_logs 
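Review bot: The status-reporting block added after the ATTRIBUTE lines repeats the same job_status_report.sh call in both arms of the `if [ $command_exit -eq 0 ]` test, differing only in the word `success` or `error`, and passes `$logfile` unquoted. Choosing the word first and making one call is shorter: `step_status=success; [ $command_exit -eq 0 ] || step_status=error`, followed by a single call guarded by `[ $record_stats -eq 1 ]` that ends in `completed "$endtime" "$step_status" "$logfile"`. perform_step begins and ends outside this hunk.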
@@ -569,10 +646,12 @@ fi # setup libstrata.so. We'll setup two versions, one with symbols so we can debug, and a stripped, faster-loading version. # by default, use the faster version. copy in the .symbosl version for debugging # -cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.symbols -cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.nosymbols -strip $newdir/libstrata.so.nosymbols -cp $newdir/libstrata.so.nosymbols $newdir/libstrata.so +if [ -f $STRATA_HOME/lib/libstrata.so ]; then + cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.symbols + cp $STRATA_HOME/lib/libstrata.so $newdir/libstrata.so.nosymbols + strip $newdir/libstrata.so.nosymbols + cp $newdir/libstrata.so.nosymbols $newdir/libstrata.so +fi adjust_lib_path @@ -660,6 +739,8 @@ DB_PROGRAM_NAME=`basename $orig_exe.$$ | sed "s/[^a-zA-Z0-9]/_/g"` DB_PROGRAM_NAME="psprog_$DB_PROGRAM_NAME" MD5HASH=`md5sum $newname.ncexe | cut -f1 -d' '` +INSTALLER=`pwd` + # # register the program # @@ -669,6 +750,15 @@ if [ ! $varid -gt 0 ]; then fail_gracefully "Failed to write Variant into database. Exiting early. Is postgres running? Can $PGUSER access the db?" fi +if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_spec_register.sh "$JOBID" "$DB_PROGRAM_NAME" "$varid" 'submitted' "$ps_starttime" +fi + + +if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'pending' "$ps_starttime" +fi + # build basic IR perform_step fill_in_cfg mandatory $SECURITY_TRANSFORMS_HOME/libIRDB/test/fill_in_cfg.exe $varid perform_step fill_in_indtargs mandatory $SECURITY_TRANSFORMS_HOME/libIRDB/test/fill_in_indtargs.exe $varid 
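Review bot: The new `if [ -f $STRATA_HOME/lib/libstrata.so ]` guard makes the libstrata.so copy silently optional: when the library is missing the script continues without placing any libstrata.so in `$newdir` and prints nothing. If that case is expected for some builds, an `else` branch that logs it would help, e.g. `else echo "ps_analyze.sh: $STRATA_HOME/lib/libstrata.so not found, libstrata.so not installed" >&2`; otherwise this looks like it should remain a hard failure. The paths in the test and in the cp and strip commands are unquoted.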
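Review bot: The two new `if [ $record_stats -eq 1 ]` blocks after the variant registration are adjacent and test the same condition, and the second immediately moves the job from `submitted` to `pending` with the same `$ps_starttime`, so they can be one block. Neither call's exit status is checked, so a database failure here goes unnoticed, unlike the variant registration just above, which ends in fail_gracefully. Appending `|| fail_gracefully "Failed to register job $JOBID"` to the job_spec_register.sh call would make the two consistent.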
@@ -695,7 +785,7 @@ perform_step find_strings none $SECURITY_TRANSFORMS_HOME/libIRDB/test/find_strin # # analyze binary for string signatures # -perform_step appfw none $PEASOUP_HOME/tools/do_appfw.sh $arch_bits $newname.ncexe logs/find_strings.log +perform_step appfw find_strings $PEASOUP_HOME/tools/do_appfw.sh $arch_bits $newname.ncexe logs/find_strings.log # # check signatures to determine if we know which program this is. @@ -753,7 +843,7 @@ perform_step fast_annot preLoaded_ILR2 $PEASOUP_HOME/tools/fast_annot.sh # # Do P1/Pn transform. # -perform_step p1transform none $PEASOUP_HOME/tools/do_p1transform.sh $cloneid $newname.ncexe $newname.ncexe.annot $PEASOUP_HOME/tools/bed.sh $PN_TIMEOUT_VALUE $DO_CANARIES +perform_step p1transform meds_static,clone $PEASOUP_HOME/tools/do_p1transform.sh $cloneid $newname.ncexe $newname.ncexe.annot $PEASOUP_HOME/tools/bed.sh $PN_TIMEOUT_VALUE $DO_CANARIES # @@ -762,9 +852,18 @@ perform_step p1transform none $PEASOUP_HOME/tools/do_p1transform.sh $cloneid $ne if [ -z "$program" ]; then program="unknown" fi -perform_step integertransform none $PEASOUP_HOME/tools/do_integertransform.sh $cloneid $program $CONCOLIC_DIR $INTEGER_TRANSFORM_TIMEOUT_VALUE $intxform_warnings_only $intxform_detect_fp $intxform_instrument_idioms +perform_step integertransform meds_static,clone $PEASOUP_HOME/tools/do_integertransform.sh $cloneid $program $CONCOLIC_DIR $INTEGER_TRANSFORM_TIMEOUT_VALUE $intxform_warnings_only $intxform_detect_fp $intxform_instrument_idioms + +# +# perform_calc -- get some stats about the DB +# #perform_step calc_conflicts none $SECURITY_TRANSFORMS_HOME/libIRDB/test/calc_conflicts.exe $cloneid a.ncexe +# +# perform step to instrument pgm with return shadow stack +# +perform_step ret_shadow_stack meds_static,clone $PEASOUP_HOME/tools/do_rss.sh $cloneid + # # Do Twitcher transform step if twitcher is present # 
@@ -787,6 +886,11 @@ perform_step fast_spri spasm $PEASOUP_HOME/tools/fast_spri.sh a.irdb.bspri a.ird perform_step preLoaded_ILR1 fast_spri $STRATA_HOME/tools/preLoaded_ILR/generate_hashfiles.exe a.irdb.fbspri perform_step preLoaded_ILR2 preLoaded_ILR1 $PEASOUP_HOME/tools/generate_relocfile.sh a.irdb.fbspri + +# put a front end in front of a.stratafied which opens file 990 for strata to read. +perform_step spawner stratafy_with_pc_confine $PEASOUP_HOME/tools/do_spawner.sh + + # copy TOCTOU tool here if it exists is_step_on toctou if [[ $? -eq 1 && -e $GRACE_HOME/ps_concurrency/toctou_tool/libtoctou_tool.so ]]; @@ -798,8 +902,10 @@ fi # # create a report for all of ps_analyze. # +ps_endtime=`date --iso-8601=seconds` report_logs + # go back to original directory cd - > /dev/null 2>&1 @@ -818,8 +924,19 @@ if [ -f $stratafied_exe ]; then echo "*****************************" echo "*Warning: Some steps failed!*" echo "*****************************" + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'partial' "$ps_endtime" "$INSTALLER" + fi + else + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'success' "$ps_endtime" "$INSTALLER" + fi fi + exit 0; else + if [ $record_stats -eq 1 ]; then + $PEASOUP_HOME/tools/db/job_spec_update.sh "$JOBID" 'error' "$ps_endtime" + fi exit 255; fi diff --git a/tools/ps_analyze_cgc.sh b/tools/ps_analyze_cgc.sh new file mode 100755 index 000000000..47a2b892d --- /dev/null +++ b/tools/ps_analyze_cgc.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +$PEASOUP_HOME/tools/ps_analyze.sh $* \ + --step spawner=on \ + --step appfw=off \ + --step find_strings=off + diff --git a/tools/ps_run.sh b/tools/ps_run.sh index f07eb4f79..c24f37a99 100755 --- a/tools/ps_run.sh +++ b/tools/ps_run.sh 
@@ -44,7 +44,7 @@ fi DO_TWITCHER=0 if [ "$DO_TWITCHER" = "1" ]; then - APP_LD_PRELOAD=$BOOST_HOME/lib/libboost_system.so:$BOOST_HOME/lib/libboost_thread.so:$datapath/libtwitcher_malloc.so:$APP_LD_PRELOAD + APP_LD_PRELOAD=$datapath/libtwitcher.so:$APP_LD_PRELOAD fi DO_TOCTOU=0 @@ -67,6 +67,7 @@ STRATA_WATCHDOG=0 STRATA_NUM_HANDLE=0 STRATA_DOUBLE_FREE=0 STRATA_HEAPRAND=0 +STRATA_SHADOW_STACK=0 STRATA_CONTROLLED_EXIT=0 STRATA_DETECT_SERVERS=0 STRATA_PC_CONFINE=0 @@ -76,6 +77,7 @@ STRATA_PC_CONFINE_XOR_KEY_LENGTH=1024 STRATA_ANNOT_FILE=$datapath/a.ncexe.annot STRATA_IS_SO=0 STRATA_EXE_FILE=$datapath/a.stratafied +SPAWNER_EXE_FILE=$datapath/spawned STRATA_MAX_WARNINGS=500000 exec -a $origbinpath $datapath/a.stratafied \"\$@\"" -- GitLab