
Use different stages for kernel exploit and kernel module

dump_stack() 2018-10-07 14:47:14 +00:00
parent 0f569c88cc
commit 59d86cef7b

70
main.go

@ -9,6 +9,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
"math/rand"
"os" "os"
"os/exec" "os/exec"
"regexp" "regexp"
@ -174,21 +175,16 @@ func cleanDmesg(q *qemu.QemuSystem) (err error) {
return return
} }
func run(q *qemu.QemuSystem, ka artifact, ki kernelInfo, file string) (output string, err error) { func testKernelModule(q *qemu.QemuSystem, ka artifact) (output string, err error) {
switch ka.Type { // TODO
case KernelModule: err = errors.New("Not implemented")
output, err = q.CopyAndInsmod(file)
case KernelExploit:
output, err = q.CopyAndRun("user", file)
default:
err = errors.New("Unsupported artifact type")
}
return return
} }
func test(q *qemu.QemuSystem, ka artifact) (output string, err error) { func testKernelExploit(q *qemu.QemuSystem, ka artifact,
remoteExploitPath string) (output string, err error) {
// TODO // TODO
err = errors.New("Not implemented")
return return
} }
@ -203,25 +199,20 @@ func genOkFail(name string, ok bool) aurora.Value {
} }
func dumpResult(ka artifact, ki kernelInfo, build_ok, run_ok, test_ok *bool) { func dumpResult(ka artifact, ki kernelInfo, build_ok, run_ok, test_ok *bool) {
var stest aurora.Value distroInfo := fmt.Sprintf("%s-%s {%s}", ki.DistroType,
if ka.Type == KernelExploit { ki.DistroRelease, ki.KernelRelease)
stest = genOkFail("LPE", *test_ok)
} else {
stest = genOkFail("TEST", *test_ok)
}
var srun aurora.Value colored := ""
if ka.Type == KernelExploit { if ka.Type == KernelExploit {
srun = genOkFail("RUN", *run_ok) colored = aurora.Sprintf("[*] %40s: %s %s", distroInfo,
} else {
srun = genOkFail("INSMOD", *run_ok)
}
colored := aurora.Sprintf("[*] %40s: %s %s %s",
fmt.Sprintf("%s-%s {%s}", ki.DistroType, ki.DistroRelease,
ki.KernelRelease),
genOkFail("BUILD", *build_ok), genOkFail("BUILD", *build_ok),
srun, stest) genOkFail("LPE", *test_ok))
} else {
colored = aurora.Sprintf("[*] %40s: %s %s %s", distroInfo,
genOkFail("BUILD", *build_ok),
genOkFail("INSMOD", *run_ok),
genOkFail("TEST", *test_ok))
}
fmt.Println(colored) fmt.Println(colored)
} }
@ -265,19 +256,38 @@ func whatever(swg *sizedwaitgroup.SizedWaitGroup, ka artifact, ki kernelInfo) {
return return
} }
// TODO Write run log to file or database if ka.Type == KernelModule {
_, err = run(q, ka, ki, outFile) // TODO Write insmod log to file or database
_, err = q.CopyAndInsmod(outFile)
if err != nil { if err != nil {
return return
} }
run_ok = true run_ok = true
// TODO Write test results to file or database // TODO Write test results to file or database
_, err = test(q, ka) _, err = testKernelModule(q, ka)
if err != nil { if err != nil {
return return
} }
test_ok = true test_ok = true
} else if ka.Type == KernelExploit {
remoteExploitPath := fmt.Sprintf("/tmp/exploit_%d.ko", rand.Int())
err = q.CopyFile("root", outFile, remoteExploitPath)
if err != nil {
return
}
// TODO Write test results to file or database
_, err = testKernelExploit(q, ka, remoteExploitPath)
if err != nil {
return
}
run_ok = true // does not really used
test_ok = true
} else {
err = errors.New("Unsupported artifact type")
}
return
} }
type kernelConfig struct { type kernelConfig struct {
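Review bot: In the KernelExploit branch the guest path `fmt.Sprintf("/tmp/exploit_%d.ko", rand.Int())` is neither unpredictable nor correctly named: no `rand.Seed` call appears in the visible hunks, and on Go releases before 1.20 the unseeded top-level math/rand source yields the same sequence on every run, so the name repeats; the `.ko` suffix also labels an exploit binary as a kernel module. The file is copied as `root`, whereas the removed `run()` executed the exploit as `user`, so testKernelExploit will presumably have to make it readable and executable for the unprivileged account before the LPE result means anything. I would drop the suffix, `remoteExploitPath := fmt.Sprintf("/tmp/exploit_%d", rand.Int())`, and add `// copied as root; testKernelExploit must chmod it before running as user` above the CopyFile call. The enclosing function `whatever` begins outside this hunk, so a seed set earlier in the file is not ruled out.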