[panda-users] Question about file_taint

Vikas Puri vpurinet at gmail.com
Thu Dec 20 09:18:32 EST 2018 

Hi Brendan,

Sorry for the late reply. Here is the information that you requested. I
appreciate your help.

*Guest OS*:

   - ubuntu 4.4.0-31-generic i686

*Host OS:*

   - Ubuntu 4.4.0-31-generic x86_64 x86_64

*Command Executed on Host*:

   - $PANDA_PATH/x86_64-softmmu/qemu-system-x86_64 -replay append_file_3
   -os linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096 -panda
   osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 -panda
   file_taint:filename=test.txt

*Error reported on Host:*

PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
PANDA[file_taint]:adding argument filename=test.txt.
PANDA[core]:initializing osi
Looking for kconffile in
/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf
OSI grabbing Linux introspection backend.
Linux OSI, using group ubuntu:4.4.0-131-generic:32 from
/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
PANDA[core]:loading required plugin osi_linux
PANDA[core]:initializing osi_linux
PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi_linux.so
already loaded
PANDA[core]:initializing file_taint
PANDA[core]:loading required plugin syscalls2
PANDA[core]:initializing syscalls2
PANDA[syscalls2]:using profile for linux x86 32-bit
PANDA[core]:loading required plugin osi
PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi.so
already loaded
PANDA[core]:loading required plugin taint2
PANDA[core]:initializing taint2
PANDA[taint2]:propagation via pointer dereference ENABLED
PANDA[taint2]:taint operations inlining DISABLED
PANDA[taint2]:llvm optimizations DISABLED
PANDA[taint2]:taint debugging DISABLED
PANDA[taint2]:detaint if control bits 0 DISABLED
PANDA[taint2]:maximum taint compute number (0=unlimited) 0
PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
PANDA[core]:loading required plugin callstack_instr
PANDA[core]:initializing callstack_instr
*ERROR: Linux is only supported on x86 (32-bit)*
FAIL: Unable to load plugin
`/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_file_taint.so'

-Vikas

On Tue, Dec 18, 2018 at 7:11 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
wrote:

> You should be able to compile *and* run syscalls2 on a 64 bit host as long
> as the guest virtual machine is 32-bit. In particular, we have tested
> Ubuntu 16.04 64-bit hosts pretty extensively with file_taint: they work
> fine. What's the actual error you're getting?
>
> On Tue, Dec 18, 2018 at 9:59 PM Vikas Puri <vpurinet at gmail.com> wrote:
>
>> Hi Brendan,
>>
>> Thanks for your reply. As you indicate, I can compile syscalls2 on a
>> 64-bit host. However, I cannot execute it and the plugins that it's a
>> dependency for (like file_taint) on a 64 bit host. On a 32-bit host, I have
>> issues with taint2 since it requires LLVM support.
>>
>> My question is simply on what host platforms can I execute file_taint and
>> related taint plugins?
>>
>> Thanks for your help.
>>
>> Regards,
>>
>> -Vikas
>>
>> On Tue, Dec 18, 2018 at 5:00 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
>> wrote:
>>
>>> For (2), syscalls2 only supports analyzing 32 bit guests, but it should
>>> compile on a 64-bit host operating system just fine (this is the
>>> configuration we use normally). Could you post the error you’re getting
>>> when trying to compile it?
>>>
>>> On Tue, Dec 18, 2018 at 3:58 PM Vikas Puri <vpurinet at gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am attempting to use the file_taint plugin. However, I am running
>>>> into a few problems (listed below). I am attempting to run this on a ubuntu
>>>> 16.04 host and guest:
>>>>
>>>>    1. "file_taint" depends on the taint2 plugin. Taint2 requires LLVM.
>>>>    LLVM support requires a 64-bit host OS.
>>>>    2. file_taint also requires the syscalls2 plugin. Syscalls2 seems
>>>>    to be supported for the ARM and i386 CPU families. It does not appear to be
>>>>    supported on x86_64 platforms. I get an error when executing this on a
>>>>    x86_64 Ubuntu 16.04 host.
>>>>    3. Given the constraints of items 1 and 2, I cannot identify a host
>>>>    OS that I can use to build and execute file_taint.
>>>>
>>>> Any suggestions that you can provide would be greatly appreciated.
>>>>
>>>> Sincerely,
>>>>
>>>> -Vikas
>>>> _______________________________________________
>>>> panda-users mailing list
>>>> panda-users at mit.edu
>>>>
>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.mit.edu_mailman_listinfo_panda-2Dusers&d=DwICAg&c=slrrB7dE8n7gBJbeO0g-IQ&r=A4wu5Zmpus3hDmokNWeJTO0SLjrxguzCAxn30Hc-o48&m=wlCAgCNUC_P-8nSM_ArRoZfarTg_fpwoE8E2IZBYXRo&s=eFlh9e8xVYsffx6nie7-Pk--u9ykujp3zQd5zejToFw&e=
>>>>
>>> --
>>> Brendan Dolan-Gavitt
>>> Assistant Professor, Department of Computer Science and Engineering
>>> NYU Tandon School of Engineering
>>>
>>
>
> --
> Brendan Dolan-Gavitt
> Assistant Professor, Department of Computer Science and Engineering
> NYU Tandon School of Engineering
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20181220/b62b635c/attachment.html

More information about the panda-users mailing list