[panda-users] EXT :Re: Question about file_taint

Vikas Puri vpurinet at gmail.com
Thu Dec 20 12:04:16 EST 2018


Hi Mark,

I get a different error when I attempt to run with qemu-system-i386. This
is shown below:

$PANDA_PATH/i386-softmmu/qemu-system-i386 -replay append_file_3 \
    -os linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096 \
    -panda osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 \
    -panda file_taint:filename=test.txt
PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
PANDA[file_taint]:adding argument filename=test.txt.
PANDA[core]:initializing osi
Looking for kconffile in
/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/osi_linux/kernelinfo.conf
OSI grabbing Linux introspection backend.
Linux OSI, using group ubuntu:4.4.0-131-generic:32 from
/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
PANDA[core]:loading required plugin osi_linux
PANDA[core]:initializing osi_linux
PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi_linux.so
already loaded
PANDA[core]:initializing file_taint
PANDA[core]:loading required plugin syscalls2
PANDA[core]:initializing syscalls2
PANDA[syscalls2]:using profile for linux x86 32-bit
PANDA[core]:loading required plugin osi
PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi.so
already loaded
PANDA[core]:loading required plugin taint2
PANDA[core]:initializing taint2
PANDA[taint2]:propagation via pointer dereference ENABLED
PANDA[taint2]:taint operations inlining DISABLED
PANDA[taint2]:llvm optimizations DISABLED
PANDA[taint2]:taint debugging DISABLED
PANDA[taint2]:detaint if control bits 0 DISABLED
PANDA[taint2]:maximum taint compute number (0=unlimited) 0
PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
PANDA[core]:loading required plugin callstack_instr
PANDA[core]:initializing callstack_instr
PANDA[core]:loading required plugin osi_linux
PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi_linux.so
already loaded
loading snapshot
*qemu-system-i386: Missing section footer for cpu*
Failed to load vmstate
Failed to start replay

-Vikas

On Thu, Dec 20, 2018 at 8:34 AM Mankins, Mark A [US] (MS) <
mark.mankins at ngc.com> wrote:

> I believe this is the expected behavior.  Try running with
> qemu-system-i386 instead of qemu-system-x86_64.
>
>
>
> Mark
> ------------------------------
> *From:* panda-users-bounces at mit.edu <panda-users-bounces at mit.edu> on
> behalf of Vikas Puri <vpurinet at gmail.com>
> *Sent:* Thursday, December 20, 2018 9:18 AM
> *To:* Brendan Dolan-Gavitt
> *Cc:* panda-users at mit.edu
> *Subject:* EXT :Re: [panda-users] Question about file_taint
>
> Hi Brendan,
>
> Sorry for the late reply. Here is the information that you requested. I
> appreciate your help.
>
> *Guest OS*:
>
>    - ubuntu 4.4.0-31-generic i686
>
> *Host OS:*
>
>    - Ubuntu 4.4.0-31-generic x86_64 x86_64
>
> *Command Executed on Host*:
>
>    - $PANDA_PATH/x86_64-softmmu/qemu-system-x86_64 -replay append_file_3 \
>      -os linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096 \
>      -panda osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 \
>      -panda file_taint:filename=test.txt
>
> *Error reported on Host:*
>
> PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
> PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
> PANDA[file_taint]:adding argument filename=test.txt.
> PANDA[core]:initializing osi
> Looking for kconffile in
> /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf
> OSI grabbing Linux introspection backend.
> Linux OSI, using group ubuntu:4.4.0-131-generic:32 from
> /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
> PANDA[core]:loading required plugin osi_linux
> PANDA[core]:initializing osi_linux
> PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
> PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
> PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi_linux.so
> already loaded
> PANDA[core]:initializing file_taint
> PANDA[core]:loading required plugin syscalls2
> PANDA[core]:initializing syscalls2
> PANDA[syscalls2]:using profile for linux x86 32-bit
> PANDA[core]:loading required plugin osi
> PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi.so
> already loaded
> PANDA[core]:loading required plugin taint2
> PANDA[core]:initializing taint2
> PANDA[taint2]:propagation via pointer dereference ENABLED
> PANDA[taint2]:taint operations inlining DISABLED
> PANDA[taint2]:llvm optimizations DISABLED
> PANDA[taint2]:taint debugging DISABLED
> PANDA[taint2]:detaint if control bits 0 DISABLED
> PANDA[taint2]:maximum taint compute number (0=unlimited) 0
> PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
> PANDA[core]:loading required plugin callstack_instr
> PANDA[core]:initializing callstack_instr
> *ERROR: Linux is only supported on x86 (32-bit)*
> FAIL: Unable to load plugin
> `/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_file_taint.so'
>
> -Vikas
>
> On Tue, Dec 18, 2018 at 7:11 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
> wrote:
>
>> You should be able to compile *and* run syscalls2 on a 64-bit host as
>> long as the guest virtual machine is 32-bit. In particular, we have tested
>> Ubuntu 16.04 64-bit hosts pretty extensively with file_taint: they work
>> fine. What's the actual error you're getting?
>>
>> On Tue, Dec 18, 2018 at 9:59 PM Vikas Puri <vpurinet at gmail.com> wrote:
>>
>>> Hi Brendan,
>>>
>>> Thanks for your reply. As you indicate, I can compile syscalls2 on a
>>> 64-bit host. However, I cannot execute it and the plugins that it's a
>>> dependency for (like file_taint) on a 64-bit host. On a 32-bit host, I have
>>> issues with taint2 since it requires LLVM support.
>>>
>>> My question is simply on what host platforms can I execute file_taint
>>> and related taint plugins?
>>>
>>> Thanks for your help.
>>>
>>> Regards,
>>>
>>> -Vikas
>>>
>>> On Tue, Dec 18, 2018 at 5:00 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
>>> wrote:
>>>
>>>> For (2), syscalls2 only supports analyzing 32-bit guests, but it should
>>>> compile on a 64-bit host operating system just fine (this is the
>>>> configuration we use normally). Could you post the error you’re getting
>>>> when trying to compile it?
>>>>
>>>> On Tue, Dec 18, 2018 at 3:58 PM Vikas Puri <vpurinet at gmail.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I am attempting to use the file_taint plugin. However, I am running
>>>>> into a few problems (listed below). I am attempting to run this on an Ubuntu
>>>>> 16.04 host and guest:
>>>>>
>>>>>    1. "file_taint" depends on the taint2 plugin. Taint2 requires
>>>>>    LLVM. LLVM support requires a 64-bit host OS.
>>>>>    2. file_taint also requires the syscalls2 plugin. Syscalls2 seems
>>>>>    to be supported for the ARM and i386 CPU families. It does not appear to be
>>>>>    supported on x86_64 platforms. I get an error when executing this on an
>>>>>    x86_64 Ubuntu 16.04 host.
>>>>>    3. Given the constraints of items 1 and 2, I cannot identify a
>>>>>    host OS that I can use to build and execute file_taint.
>>>>>
>>>>> Any suggestions that you can provide would be greatly appreciated.
>>>>>
>>>>> Sincerely,
>>>>>
>>>>> -Vikas
>>>> --
>>>> Brendan Dolan-Gavitt
>>>> Assistant Professor, Department of Computer Science and Engineering
>>>> NYU Tandon School of Engineering
>>>>
>>>
>>
>> --
>> Brendan Dolan-Gavitt
>> Assistant Professor, Department of Computer Science and Engineering
>> NYU Tandon School of Engineering
>>
>