[panda-users] EXT :Re: Question about file_taint

Vikas Puri vpurinet at gmail.com
Thu Dec 20 14:57:34 EST 2018


Hi Brendan,

Thank you for your response. When I boot the existing disk image using
the command below, the boot seems to hang (see attached
screenshot_boot.png).

   - $PANDA_PATH/i386-softmmu/qemu-system-i386 -m 4096 -hda
   ubuntu32_x64.img --monitor stdio

If I attempt to create a new 32-bit image, using the following command, the
installation also hangs (as shown in screenshot_install.png):

   - $PANDA_PATH/i386-softmmu/qemu-system-i386 -m 4096 -hda ubuntu32.img
   -cdrom ~/Downloads/ubuntu-16.04.5-server-i386.iso -boot d

-Vikas

On Thu, Dec 20, 2018 at 10:35 AM Brendan Dolan-Gavitt <brendandg at nyu.edu>
wrote:

> OK, I see what's going on. It looks like you are running a 32-bit guest
> under qemu-system-x86_64. I think this should work (i.e., that assertion in
> file_taint is wrong), but it is not as well-tested, which may be why it's
> disabled.
>
> Your second attempt, replaying a recording made under qemu-system-x86_64
> using qemu-system-i386, won't work – the two machine definitions are
> incompatible.
>
> What should work is to boot the VM and create the recording under
> qemu-system-i386, then replay it under qemu-system-i386 as well.
>
> On Thu, Dec 20, 2018 at 12:04 PM Vikas Puri <vpurinet at gmail.com> wrote:
>
>> Hi Mark,
>>
>> I get a different error when I attempt to run with qemu-system-i386. This
>> is shown below:
>>
>> $PANDA_PATH/i386-softmmu/qemu-system-i386 -replay append_file_3 -os
>> linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096 -panda
>> osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 -panda
>> file_taint:filename=test.txt
>> PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
>> PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
>> PANDA[file_taint]:adding argument filename=test.txt.
>> PANDA[core]:initializing osi
>> Looking for kconffile in
>> /home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/osi_linux/kernelinfo.conf
>> OSI grabbing Linux introspection backend.
>> Linux OSI, using group ubuntu:4.4.0-131-generic:32 from
>> /home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
>> PANDA[core]:loading required plugin osi_linux
>> PANDA[core]:initializing osi_linux
>> PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
>> PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
>> PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi_linux.so
>> already loaded
>> PANDA[core]:initializing file_taint
>> PANDA[core]:loading required plugin syscalls2
>> PANDA[core]:initializing syscalls2
>> PANDA[syscalls2]:using profile for linux x86 32-bit
>> PANDA[core]:loading required plugin osi
>> PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi.so
>> already loaded
>> PANDA[core]:loading required plugin taint2
>> PANDA[core]:initializing taint2
>> PANDA[taint2]:propagation via pointer dereference ENABLED
>> PANDA[taint2]:taint operations inlining DISABLED
>> PANDA[taint2]:llvm optimizations DISABLED
>> PANDA[taint2]:taint debugging DISABLED
>> PANDA[taint2]:detaint if control bits 0 DISABLED
>> PANDA[taint2]:maximum taint compute number (0=unlimited) 0
>> PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
>> PANDA[core]:loading required plugin callstack_instr
>> PANDA[core]:initializing callstack_instr
>> PANDA[core]:loading required plugin osi_linux
>> PANDA[core]:/home/hackuser5/panda/panda/build/i386-softmmu/panda/plugins/panda_osi_linux.so
>> already loaded
>> loading snapshot
>> *qemu-system-i386: Missing section footer for cpu*
>> Failed to load vmstate
>> Failed to start replay
>>
>> -Vikas
>>
>> On Thu, Dec 20, 2018 at 8:34 AM Mankins, Mark A [US] (MS) <
>> mark.mankins at ngc.com> wrote:
>>
>>> I believe this is the expected behavior.  Try running with
>>> qemu-system-i386 instead of qemu-system-x86_64.
>>>
>>>
>>>
>>> Mark
>>> ------------------------------
>>> *From:* panda-users-bounces at mit.edu <panda-users-bounces at mit.edu> on
>>> behalf of Vikas Puri <vpurinet at gmail.com>
>>> *Sent:* Thursday, December 20, 2018 9:18 AM
>>> *To:* Brendan Dolan-Gavitt
>>> *Cc:* panda-users at mit.edu
>>> *Subject:* EXT :Re: [panda-users] Question about file_taint
>>>
>>> Hi Brendan,
>>>
>>> Sorry for the late reply. Here is the information that you requested. I
>>> appreciate your help.
>>>
>>> *Guest OS*:
>>>
>>>    - ubuntu 4.4.0-31-generic i686
>>>
>>> *Host OS:*
>>>
>>>    - Ubuntu 4.4.0-31-generic x86_64 x86_64
>>>
>>> *Command Executed on Host*:
>>>
>>>    - $PANDA_PATH/x86_64-softmmu/qemu-system-x86_64 -replay
>>>    append_file_3 -os linux-32-ubuntu:4.4.0-131-generic -panda osi -m 4096
>>>    -panda osi_linux:kconf_group=ubuntu:4.4.0-131-generic:32 -panda
>>>    file_taint:filename=test.txt
>>>
>>> *Error reported on Host:*
>>>
>>> PANDA[core]:os_familyno=2 bits=32 os_details=ubuntu:4.4.0-131-generic
>>> PANDA[osi_linux]:adding argument kconf_group=ubuntu:4.4.0-131-generic:32.
>>> PANDA[file_taint]:adding argument filename=test.txt.
>>> PANDA[core]:initializing osi
>>> Looking for kconffile in
>>> /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf
>>> OSI grabbing Linux introspection backend.
>>> Linux OSI, using group ubuntu:4.4.0-131-generic:32 from
>>> /home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/osi_linux/kernelinfo.conf.
>>> PANDA[core]:loading required plugin osi_linux
>>> PANDA[core]:initializing osi_linux
>>> PANDA[osi_linux]:W> kernelinfo bytes [76-79] not read
>>> PANDA[osi_linux]:W> kernelinfo bytes [92-95] not read
>>> PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi_linux.so
>>> already loaded
>>> PANDA[core]:initializing file_taint
>>> PANDA[core]:loading required plugin syscalls2
>>> PANDA[core]:initializing syscalls2
>>> PANDA[syscalls2]:using profile for linux x86 32-bit
>>> PANDA[core]:loading required plugin osi
>>> PANDA[core]:/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_osi.so
>>> already loaded
>>> PANDA[core]:loading required plugin taint2
>>> PANDA[core]:initializing taint2
>>> PANDA[taint2]:propagation via pointer dereference ENABLED
>>> PANDA[taint2]:taint operations inlining DISABLED
>>> PANDA[taint2]:llvm optimizations DISABLED
>>> PANDA[taint2]:taint debugging DISABLED
>>> PANDA[taint2]:detaint if control bits 0 DISABLED
>>> PANDA[taint2]:maximum taint compute number (0=unlimited) 0
>>> PANDA[taint2]:maximum taintset cardinality (0=unlimited) 0
>>> PANDA[core]:loading required plugin callstack_instr
>>> PANDA[core]:initializing callstack_instr
>>> *ERROR: Linux is only supported on x86 (32-bit)*
>>> FAIL: Unable to load plugin
>>> `/home/hackuser5/panda/panda/build/x86_64-softmmu/panda/plugins/panda_file_taint.so'
>>>
>>> -Vikas
>>>
>>> On Tue, Dec 18, 2018 at 7:11 PM Brendan Dolan-Gavitt <brendandg at nyu.edu>
>>> wrote:
>>>
>>>> You should be able to compile *and* run syscalls2 on a 64 bit host as
>>>> long as the guest virtual machine is 32-bit. In particular, we have tested
>>>> Ubuntu 16.04 64-bit hosts pretty extensively with file_taint: they work
>>>> fine. What's the actual error you're getting?
>>>>
>>>> On Tue, Dec 18, 2018 at 9:59 PM Vikas Puri <vpurinet at gmail.com> wrote:
>>>>
>>>>> Hi Brendan,
>>>>>
>>>>> Thanks for your reply. As you indicate, I can compile syscalls2 on a
>>>>> 64-bit host. However, I cannot execute it and the plugins that it's a
>>>>> dependency for (like file_taint) on a 64 bit host. On a 32-bit host, I have
>>>>> issues with taint2 since it requires LLVM support.
>>>>>
>>>>> My question is simply on what host platforms can I execute file_taint
>>>>> and related taint plugins?
>>>>>
>>>>> Thanks for your help.
>>>>>
>>>>> Regards,
>>>>>
>>>>> -Vikas
>>>>>
>>>>> On Tue, Dec 18, 2018 at 5:00 PM Brendan Dolan-Gavitt <
>>>>> brendandg at nyu.edu> wrote:
>>>>>
>>>>>> For (2), syscalls2 only supports analyzing 32 bit guests, but it
>>>>>> should compile on a 64-bit host operating system just fine (this is the
>>>>>> configuration we use normally). Could you post the error you’re getting
>>>>>> when trying to compile it?
>>>>>>
>>>>>> On Tue, Dec 18, 2018 at 3:58 PM Vikas Puri <vpurinet at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I am attempting to use the file_taint plugin. However, I am running
>>>>>>> into a few problems (listed below). I am attempting to run this on an Ubuntu
>>>>>>> 16.04 host and guest:
>>>>>>>
>>>>>>>    1. "file_taint" depends on the taint2 plugin. Taint2 requires
>>>>>>>    LLVM. LLVM support requires a 64-bit host OS.
>>>>>>>    2. file_taint also requires the syscalls2 plugin. Syscalls2
>>>>>>>    seems to be supported for the ARM and i386 CPU families. It does not appear
>>>>>>>    to be supported on x86_64 platforms. I get an error when executing this on
>>>>>>>    an x86_64 Ubuntu 16.04 host.
>>>>>>>    3. Given the constraints of items 1 and 2, I cannot identify a
>>>>>>>    host OS that I can use to build and execute file_taint.
>>>>>>>
>>>>>>> Any suggestions that you can provide would be greatly appreciated.
>>>>>>>
>>>>>>> Sincerely,
>>>>>>>
>>>>>>> -Vikas
>>>>>>> _______________________________________________
>>>>>>> panda-users mailing list
>>>>>>> panda-users at mit.edu
>>>>>>>
>>>>>>> http://mailman.mit.edu/mailman/listinfo/panda-users
>>>>>>>
>>>>>> --
>>>>>> Brendan Dolan-Gavitt
>>>>>> Assistant Professor, Department of Computer Science and Engineering
>>>>>> NYU Tandon School of Engineering
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Brendan Dolan-Gavitt
>>>> Assistant Professor, Department of Computer Science and Engineering
>>>> NYU Tandon School of Engineering
>>>>
>>>
>
> --
> Brendan Dolan-Gavitt
> Assistant Professor, Department of Computer Science and Engineering
> NYU Tandon School of Engineering
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: screenshot_boot.png
Type: image/png
Size: 35329 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/panda-users/attachments/20181220/b75c29de/attachment-0002.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: screenshot_install.png
Type: image/png
Size: 7272 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/panda-users/attachments/20181220/b75c29de/attachment-0003.png
