crashsimulator's Issues
wget replay
Fails on a call to open("/dev/tty") replacing a call to fstat64(1, ...)
During the recorded execution, the application called fstat64 on STDOUT at this point
Looks like failure occurs during a call to setlocale in http_atotm
This function must 1) store the old locale, 2) set the LC_TIME's locale to NULL to support some Solaris weirdness, 3) generate the time_t to be returned, and 4) restore the old locale. It is the restoration of this old locale where the failure occurs. Commenting out this step allows the replay to proceed further.
Move validation code into system call "validators"
Check system calls that have a "length" out parameter
Add getpeername test
fstat64 is replaying everything and probably shouldn't
Clean up stat64, fstat64, etc. (The dictionary madness)
Write "debug print"'s for common system calls
Fix incomplete poll call handling (posix-omni-parser)?
Look up new IOCTL command
TCSETSW -> What does this do? Any out parameters?
FIONBIO -> What does this do? Any out parameters?
Rework write_buffer python code
Reduplicate populate child buffer, copy bytes C functions
Think about when to replay file operations and when not to
For example:
We don't want to replay "open" calls that result in file descriptors that are eventually mmap()'d
We don't want to replay write calls that are output that tell us how the program is responding to our injections
We might want to replay write calls to file descriptors that update program state that we are replaying later (or maybe this doesn't matter)
Better unit testing
Should be one command to recompile test programs, re-create traces, and re-execute all test scripts. This is too manual right now.
"sendmmsg" has an out parameter. Default handling doesn't work
Sendmsg bundles an out parameter with each msg_hdr that is updated by the kernel to reflect how many bytes of each message were sent.
Accept handler not properly populating the client's sockaddr structure
Control execution with configuration file
Config file should at minimum contain the command and path to the trace.
__llseek need not be replayed on file descriptors that are not replayed
Right now __llseek is always replayed. This is probably not what we want to happen. I believe this is causing an issue with FTP replay when execution attempts to move the file cursor around in non-replayed files.
Add test for recvmsg system call
Write tests for different IOCTL commands
Poll handler uses a hacky global variable
Calls to select() return RESTARTNOHAND
Seen in the netcat execution (not under replay) when you make an invalid HTTP request to Google.
Add test for poll on multiple file descriptors
Important data is in "comments" (posix-omni-parser)
Successful socket calls that are not replayed should still insert an os file descriptor mapping
The Resolver Issue
There is a weird issue around a replay delta with resolve.conf
Currently this is being worked around by disabling the name resolution machinery and entering host information in the hosts file. Current hypothesis is that there is some sort of caching or external mechanism causing problems.
Since the vDSO fix was put in place this delta presents itself as a call to gettimeofday() rather than a call to close() during the name resolution recvfrom() + poll() loop (in wget).
netcat failure
netcat: connect to localhost port 6666 (tcp) failed: Unknown error 3223857
Error message comes from openbsd warn().
warn() is like perror
3223857 is the value in errno at the time this warn() was called
warn() is called if vflag is set -> verbosity on and timeout_connect does not return 0
timeout_connect sets errno to optval returned from getsockopt (likely source of bug)
4484 getsockopt(3, SOL_SOCKET, SO_ERROR, [111], [4]) = 0
results in:
DEBUG:root:Optval: 111
DEBUG:root:Optval Length: 4
DEBUG:root:Nooping the current system call in pid: 4705
DEBUG:root:Writing values
C: poke_address: child: 4705
C: poke_address: address: bfffb900
C: poke_address: data: 3223857
C: poke_address: child: 4705
C: poke_address: address: bfffb904
C: poke_address: data: 52
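An added example, not part of the issue or of the project's code: the two words poked in the log above equal the ASCII bytes of the trace text "111" and "4" read as little-endian 32-bit words, which is what a replay handler would write if it poked the parsed string instead of the converted integer. The function names are hypothetical, and the input is copied from the strace line and debug output quoted above.

```python
import struct

# Copied from the issue text above (strace line and poke_address debug output).
STRACE_LINE = "4484 getsockopt(3, SOL_SOCKET, SO_ERROR, [111], [4]) = 0"
POKED = {"optval": 3223857, "optlen": 52}


def parse_out_params(line):
    """Return the bracketed out-parameters of a strace call line as text."""
    args = line[line.index("(") + 1:line.rindex(")")].split(", ")
    return [a.strip("[]") for a in args if a.startswith("[")]


def word_from_text(text):
    """32-bit little-endian word produced by writing the text's ASCII bytes as-is."""
    raw = text.encode("ascii")[:4].ljust(4, b"\0")
    return struct.unpack("<I", raw)[0]


def word_from_int(text):
    """32-bit word produced when the text is converted to an integer first."""
    return struct.unpack("<I", struct.pack("<i", int(text)))[0]


def diagnose(line, poked):
    """Compare the poked words with both interpretations of the trace text."""
    optval, optlen = parse_out_params(line)
    return {
        "optval_is_ascii_bytes": word_from_text(optval) == poked["optval"],
        "optlen_is_ascii_bytes": word_from_text(optlen) == poked["optlen"],
        "expected_optval": word_from_int(optval),  # value recorded in the trace
        "expected_optlen": word_from_int(optlen),
    }


if __name__ == "__main__":
    for key, value in diagnose(STRACE_LINE, POKED).items():
        print(f"{key}: {value}")
```

A handler that writes `word_from_int` values would place 111 in optval and 4 in optlen, matching the recorded getsockopt() call.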
Find cleaner way to convert human-readable text flags to integer values
clone() needs to be implemented