Light

Make sure that snuffleupagus is working with CFI about snuffleupagus HOT 4 CLOSED

jvoisin commented on June 14, 2024

Make sure that snuffleupagus is working with CFI

from snuffleupagus.

Comments (4)

jvoisin commented on June 14, 2024

It seems that I'm doing something wrong.

gdb-peda$ r
Starting program: /usr/bin/php7.0 -n -c /home/jvoisin/Dev/snuffleupagus/src/tmp-php.ini -d output_handler= -d open_basedir= -d safe_mode=0 -d disable_functions= -d output_buffering=Off -d error_reporting=32767 -d display_errors=1 -d display_startup_errors=1 -d log_errors=0 -d html_errors=0 -d track_errors=1 -d report_memleaks=1 -d report_zend_debug=0 -d docref_root= -d docref_ext=.html -d error_prepend_string= -d error_append_string= -d auto_prepend_file= -d auto_append_file= -d ignore_repeated_errors=0 -d precision=14 -d memory_limit=128M -d log_errors_max_len=0 -d opcache.fast_shutdown=0 -d opcache.file_update_protection=0 -d extension_dir=/home/jvoisin/Dev/snuffleupagus/src/modules/ -d extension=snuffleupagus.so -d session.auto_start=0 -d zlib.output_compression=Off -d sp.configuration_file=/home/jvoisin/Dev/snuffleupagus/src/tests/config/config_disabled_functions_namespace.ini -f /home/jvoisin/Dev/snuffleupagus/src/tests/disabled_functions_namespace.php

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGILL, Illegal instruction.

 [----------------------------------registers-----------------------------------]
RAX: 0x7ffff2cce780 (<sp_execute_ex>:	jmp    0x7ffff2cc3a70 <sp_execute_ex>)
RBX: 0x555555ba6740 --> 0x0 
RCX: 0x5555557f7dc0 (<execute_ex>:	push   rbp)
RDX: 0x5555557f7dc0 (<execute_ex>:	push   rbp)
RSI: 0x0 
RDI: 0x7ffff2ccf72c ("REMOTE_ADDR")
RBP: 0x7fffffffa360 --> 0x7ffff3814030 --> 0x7ffff3885000 --> 0x5555557f7cf0 (add    r15,0x20)
RSP: 0x7fffffffa340 --> 0x5555557f7dc0 (<execute_ex>:	push   rbp)
RIP: 0x7ffff2cc3b54 (<sp_execute_ex+228>:	ud2)
R8 : 0x1 
R9 : 0x0 
R10: 0x59a 
R11: 0x5555557a6e50 (<zend_get_executed_filename>:	lea    rax,[rip+0x3ff8e9]        # 0x555555ba6740 <executor_globals>)
R12: 0x7ffff387f000 --> 0x800000000000002 
R13: 0x0 
R14: 0x8 
R15: 0x0
EFLAGS: 0x10283 (CARRY parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x7ffff2cc3b4b <sp_execute_ex+219>:	cmp    rdx,rax
   0x7ffff2cc3b4e <sp_execute_ex+222>:	mov    QWORD PTR [rbp-0x20],rcx
   0x7ffff2cc3b52 <sp_execute_ex+226>:	je     0x7ffff2cc3b56 <sp_execute_ex+230>
=> 0x7ffff2cc3b54 <sp_execute_ex+228>:	ud2    
   0x7ffff2cc3b56 <sp_execute_ex+230>:	mov    rdi,QWORD PTR [rbp-0x8]
   0x7ffff2cc3b5a <sp_execute_ex+234>:	mov    rax,QWORD PTR [rbp-0x20]
   0x7ffff2cc3b5e <sp_execute_ex+238>:	call   rax
   0x7ffff2cc3b60 <sp_execute_ex+240>:	add    rsp,0x20
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffa340 --> 0x5555557f7dc0 (<execute_ex>:	push   rbp)
0008| 0x7fffffffa348 --> 0x555555ba6740 --> 0x0 
0016| 0x7fffffffa350 --> 0x7ffff3814030 --> 0x7ffff3885000 --> 0x5555557f7cf0 (add    r15,0x20)
0024| 0x7fffffffa358 --> 0x7ffff3814030 --> 0x7ffff3885000 --> 0x5555557f7cf0 (add    r15,0x20)
0032| 0x7fffffffa360 --> 0x7ffff3814030 --> 0x7ffff3885000 --> 0x5555557f7cf0 (add    r15,0x20)
0040| 0x7fffffffa368 --> 0x55555584c617 (<zend_execute+423>:	test   BYTE PTR [rbp+0x2b],0x80)
0048| 0x7fffffffa370 --> 0x0 
0056| 0x7fffffffa378 --> 0x1 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGILL
0x00007ffff2cc3b54 in sp_execute_ex (execute_data=0x7ffff3814030) at sp_execute.c:80
80	  orig_execute_ex(execute_data);
gdb-peda$

from snuffleupagus.

jvoisin commented on June 14, 2024

/usr/bin/php7.0: symbol lookup error: /home/jvoisin/Dev/snuffleupagus/src/modules/snuffleupagus.so: undefined symbol: __ubsan_handle_cfi_check_fail_abort

With clang version 4.0.0-1ubuntu1 (tags/RELEASE_400/rc1), with -fvisibility=hidden -flto -fno-sanitize-trap=all -fsanitize=cfi

/usr/bin/php7.0: symbol lookup error: /home/jvoisin/Dev/snuffleupagus/src/modules/snuffleupagus.so: undefined symbol: __cfi_slowpath_diag

with -fvisibility=hidden -flto -fno-sanitize-trap=all -fsanitize=cfi -fsanitize-cfi-cross-dso

from snuffleupagus.

jvoisin commented on June 14, 2024

It's not that urgent anyway:

17:11 @lattera > CFI only works on HardenedBSD 12-CURRENT/amd64 and is only for applications, not shared objects
17:12 @lattera > as far as I know, no OS supports Cross-DSO CFI from clang/llvm, yet
17:12 @lattera > Cross-DSO CFI requires support from the RTLD and libc

from snuffleupagus.

jvoisin commented on June 14, 2024

16:09 jvoisin > lattera: do you think that I should close https://github.com/nbs-system/snuffleupagus/issues/89 ?
16:27 lattera > jvoisin: sure
16:27 lattera > we can always reopen it once hbsd supports Cross-DSO CFI
16:28 jvoisin > ♥

from snuffleupagus.

Related Issues (20)

.deb doesn't ship PHP8 rules HOT 1
undefined symbol: PHP_SHA256Init HOT 6
PHP 8.3 compatibility HOT 3
XXE and Nextcloud HOT 2
none-standard symbols brake executions of rules HOT 2
upgrading from older versions to latest HOT 1
Snuffleupagus did;nt work as expected HOT 3
Snuffleupagus for php 7.4 latest HOT 2
Clarify `match` comparisson for filters
Support filter `param` multiple times HOT 3
SP doesn't work with phar files
Snuffleupagus 0.10.0 when loaded via Apache only applies ruleset when it has no comments HOT 9
V10 debian packages missing HOT 3
PHP-FPM 8.3 child exited with code 70 HOT 3
Patchstack Wordpress Vulnerability DB HOT 1
Snuffleupagus associated with high CPU load HOT 6
How can i fix the mail issue? HOT 1
generate_rules.php: why forbid curl_exec and curl_multi_exec? HOT 9
generate_rules.php: remove assert if running PHP8+ HOT 1
Support for PHP 8.3 on Alpine Linux HOT 1

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.