Comments (1)
michalbiesek
commented on July 2, 2024
The #1572 address the issue.
The root cause:
The problematic code resides in _nc_read_entry2 in curses library.
char filename[PATH_MAX]
...
_nc_SPRINTF(filename, _nc_SLIMIT(PATH_MAX)
"%.*s", PATH_MAX - 1, name);
The variable name above is set to "xterm".
In the absence of libscope.so, the aforementioned function assigns
the value "xterm" to the filename variable. However, when libscope.so
is loaded, the function assigns "xter" to filename.
In the Fedora environment, the invocation of __sprintf_chk
leads to the execution of __vsprintf_internal:
va_start (ap, format);
ret = __vsprintf_internal(s, slen, format, ap, mode);
va_end (ap);
On the other hand, AppScope utilizes the following call:
va_start(ap, format);
rc = vsnprintf(str, strlen, format, ap);
va_end(ap);
It should be noted that the implementations of vsnprintf and
__vsprintf_internal differ in standard library. This commit replaces
the vsnprintf call with vsprintf to address the discrepancy.
The easiest way to test it is to try to scope top on Fedora.
Integration test was added to cover the issue.
from appscope.
Related Issues (20)
- Mount the socket dir not the socket file
- ld.so.preload and scope in the PATH HOT 1
- Go build error with ld.so.preload enabled HOT 2
- Config is not getting set correctly in rules file or in attach when using filter --add HOT 6
- scope attach --inspect <pid> from container to host can return error when successful HOT 1
- Warning when scoping an an application that has the s bit set
- Use symbolic link to avoid two appscope libraries in one process
- [Bug]: Missing payload (request) using `host` app HOT 1
- Timeouts seen with appscope/edge integration HOT 2
- DNS tunelling/exfiltration POC HOT 3
- File system obfuscation
- Add support for sending the payloads using event channel HOT 3
- LD_PRELOAD is not set in some cases when exec'ing into a container that was started after a scope rule was added
- Unable to exec into container after re-adding a scope rule HOT 4
- Connection Graph HOT 1
- [Bug]: Sending payloads with cribl/event transport type - inconsistency with channel type
- Memory Snapshot on Command HOT 1
- Attempt to mount non-existent directory from host into container HOT 2
- Updates needed to CI
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from appscope.