[panda-users] EXT :Re: Question about file_taint

Mankins, Mark A [US] (MS) mark.mankins at ngc.com
Thu Dec 20 11:33:53 EST 2018 

I believe this is the expected behavior.  Try running with qemu-system-i386 instead of qemu-system-x86_64.



Mark

________________________________
From: panda-users-bounces at mit.edu <panda-users-bounces at mit.edu> on behalf of Vikas Puri <vpurinet at gmail.com>
Sent: Thursday, December 20, 2018 9:18 AM
To: Brendan Dolan-Gavitt
Cc: panda-users at mit.edu
Subject: EXT :Re: [panda-users] Question about file_taint

Hi Brendan,

Sorry for the late reply. Here is the information that you requested. I appreciate your help.

Guest OS:

  *   ubuntu 4.4.0-31-generic i686

Host OS:

  *   Ubuntu 4.4.0-31-generic x86_64 x86_64

Command Executed on Host:

  *   $PANDA_PATH/x86_64-softmmu/qemu-system-x86_64 -replay append_file_3 -os linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096 -panda osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 -panda file_taint:filename=test.txt

Error reported on Host:

PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
PANDA[file_taint]:adding argument filename=test.txt.
PANDA[core]:initializing osi
Looking for kconffile in /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf
OSI grabbing Linux introspection backend.
Linux OSI, using group ubuntu:4.4.0-131-generic:32 from /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
PANDA[core]:loading required plugin osi_linux
PANDA[core]:initializing osi_linux
PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi_linux.so already loaded
PANDA[core]:initializing file_taint
PANDA[core]:loading required plugin syscalls2
PANDA[core]:initializing syscalls2
PANDA[syscalls2]:using profile for linux x86 32-bit
PANDA[core]:loading required plugin osi
PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi.so already loaded
PANDA[core]:loading required plugin taint2
PANDA[core]:initializing taint2
PANDA[taint2]:propagation via pointer dereference ENABLED
PANDA[taint2]:taint operations inlining DISABLED
PANDA[taint2]:llvm optimizations DISABLED
PANDA[taint2]:taint debugging DISABLED
PANDA[taint2]:detaint if control bits 0 DISABLED
PANDA[taint2]:maximum taint compute number (0=unlimited) 0
PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
PANDA[core]:loading required plugin callstack_instr
PANDA[core]:initializing callstack_instr
ERROR: Linux is only supported on x86 (32-bit)
FAIL: Unable to load plugin `/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_file_taint.so'

-Vikas

On Tue, Dec 18, 2018 at 7:11 PM Brendan Dolan-Gavitt <brendandg at nyu.edu<mailto:brendandg at nyu.edu>> wrote:
You should be able to compile *and* run syscalls2 on a 64 bit host as long as the guest virtual machine is 32-bit. In particular, we have tested Ubuntu 16.04 64-bit hosts pretty extensively with file_taint: they work fine. What's the actual error you're getting?

On Tue, Dec 18, 2018 at 9:59 PM Vikas Puri <vpurinet at gmail.com<mailto:vpurinet at gmail.com>> wrote:
Hi Brendan,

Thanks for your reply. As you indicate, I can compile syscalls2 on a 64-bit host. However, I cannot execute it and the plugins that it's a dependency for (like file_taint) on a 64 bit host. On a 32-bit host, I have issues with taint2 since it requires LLVM support.

My question is simply on what host platforms can I execute file_taint and related taint plugins?

Thanks for your help.

Regards,

-Vikas

On Tue, Dec 18, 2018 at 5:00 PM Brendan Dolan-Gavitt <brendandg at nyu.edu<mailto:brendandg at nyu.edu>> wrote:
For (2), syscalls2 only supports analyzing 32 bit guests, but it should compile on a 64-bit host operating system just fine (this is the configuration we use normally). Could you post the error you’re getting when trying to compile it?

On Tue, Dec 18, 2018 at 3:58 PM Vikas Puri <vpurinet at gmail.com<mailto:vpurinet at gmail.com>> wrote:
Hello,

I am attempting to use the file_taint plugin. However, I am running into a few problems (listed below). I am attempting to run this on a ubuntu 16.04 host and guest:

  1.  "file_taint" depends on the taint2 plugin. Taint2 requires LLVM. LLVM support requires a 64-bit host OS.
  2.  file_taint also requires the syscalls2 plugin. Syscalls2 seems to be supported for the ARM and i386 CPU families. It does not appear to be supported on x86_64 platforms. I get an error when executing this on a x86_64 Ubuntu 16.04 host.
  3.  Given the constraints of items 1 and 2, I cannot identify a host OS that I can use to build and execute file_taint.

Any suggestions that you can provide would be greatly appreciated.

Sincerely,

-Vikas
_______________________________________________
panda-users mailing list
panda-users at mit.edu<mailto:panda-users at mit.edu>
https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.mit.edu_mailman_listinfo_panda-2Dusers&d=DwICAg&c=slrrB7dE8n7gBJbeO0g-IQ&r=A4wu5Zmpus3hDmokNWeJTO0SLjrxguzCAxn30Hc-o48&m=wlCAgCNUC_P-8nSM_ArRoZfarTg_fpwoE8E2IZBYXRo&s=eFlh9e8xVYsffx6nie7-Pk--u9ykujp3zQd5zejToFw&e=
--
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering


--
Brendan Dolan-Gavitt
Assistant Professor, Department of Computer Science and Engineering
NYU Tandon School of Engineering
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/panda-users/attachments/20181220/91be93e3/attachment-0001.html

More information about the panda-users mailing list