search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
don't bother printing errors about re-enabling coredump failures.
[trinity.git] / params.c
blob10d5b7fafca2472ad8bc7b1c5219567de001d1f0
1 #include <stdio.h>
2 #include <string.h>
3 #include <unistd.h>
4 #include <stdlib.h>
5 #include <getopt.h>
6 #include <sys/types.h>
7 #include <sys/stat.h>
8
9 #include "child.h"
10 #include "log.h"
11 #include "net.h"
12 #include "params.h"
13 #include "protocols.h"
14 #include "random.h"
15 #include "syscall.h"
16 #include "tables.h"
17 #include "trinity.h" // progname
18
19 #define TAINT_NAME_LEN 32
20
21 bool debug = FALSE;
22
23 bool do_specific_syscall = FALSE;
24 bool do_exclude_syscall = FALSE;
25
26 bool do_32_arch = TRUE;
27 bool do_64_arch = TRUE;
28
29 unsigned int specific_proto = 0;
30 unsigned int user_specified_children = 0;
31
32 bool do_specific_proto = FALSE;
33 bool no_protos[TRINITY_PF_MAX];
34
35 bool dopause = FALSE;
36 bool show_syscall_list = FALSE;
37 bool show_ioctl_list = FALSE;
38 unsigned char quiet_level = 0;
39 bool verbose = FALSE;
40 bool monochrome = FALSE;
41 bool dangerous = FALSE;
42 bool dropprivs = FALSE;
43 bool logging = TRUE;
44 bool do_syslog = FALSE;
45 bool random_selection = FALSE;
46 unsigned int random_selection_num;
47 bool no_files = FALSE;
48
49 bool user_set_seed = FALSE;
50
51 unsigned char desired_group = GROUP_NONE;
52
53 char *specific_proto_optarg;
54
55 char *victim_path;
56
57 int kernel_taint_initial = 0;
58 int kernel_taint_mask = 0xFFFFFFFF;
59 bool kernel_taint_param_occured = FALSE;
60
61 static void usage(void)
62 {
63 outputerr("%s\n", progname);
64 outputerr(" --arch, -a: selects syscalls for the specified architecture (32 or 64). Both by default.\n");
65 outputerr(" --children,-C: specify number of child processes\n");
66 outputerr(" --debug,-D: enable debug\n");
67 outputerr(" --dropprivs, -X: if run as root, switch to nobody [EXPERIMENTAL]\n");
68 outputerr(" --exclude,-x: don't call a specific syscall\n");
69 outputerr(" --group,-g: only run syscalls from a certain group (So far just 'vm').\n");
70 outputerr(" --ioctls,-I: list all ioctls.\n");
71 outputerr(" --kernel_taint, -T: controls which kernel taint flags should be considered, for more details refer to README file. \n");
72 outputerr(" --list,-L: list all syscalls known on this architecture.\n");
73 outputerr(" --logging,-l: (off=disable logging).\n");
74 outputerr(" --monochrome,-m: don't output ANSI codes\n");
75 outputerr(" --no_files,-n: Only pass sockets as fd's, not files\n");
76 outputerr(" --proto,-P: specify specific network protocol for sockets.\n");
77 outputerr(" --no_proto,-E: specify network protocols to be excluded from testing.\n");
78 outputerr(" --quiet,-q: less output.\n");
79 outputerr(" --random,-r#: pick N syscalls at random and just fuzz those\n");
80 outputerr(" --syslog,-S: log important info to syslog. (useful if syslog is remote)\n");
81 outputerr(" --verbose,-v: increase output verbosity.\n");
82 outputerr(" --victims,-V: path to victim files.\n");
83 outputerr("\n");
84 outputerr(" -c#,@: target specific syscall (takes syscall name as parameter and optionally 32 or 64 as bit-width. Default:both).\n");
85 outputerr(" -N#: do # syscalls then exit.\n");
86 outputerr(" -p: pause after syscall.\n");
87 outputerr(" -s#: use # as random seed.\n");
88 exit(EXIT_SUCCESS);
89 }
90
91 static const char paramstr[] = "a:c:C:dDg:hIl:LN:mnP:E:pqr:s:T:SV:vx:X";
92
93 static const struct option longopts[] = {
94 { "children", required_argument, NULL, 'C' },
95 { "dangerous", no_argument, NULL, 'd' },
96 { "dropprivs", no_argument, NULL, 'X'},
97 { "debug", no_argument, NULL, 'D' },
98 { "exclude", required_argument, NULL, 'x' },
99 { "group", required_argument, NULL, 'g' },
100 { "kernel_taint", required_argument, NULL, 'T' },
101 { "help", no_argument, NULL, 'h' },
102 { "list", no_argument, NULL, 'L' },
103 { "ioctls", no_argument, NULL, 'I' },
104 { "logging", required_argument, NULL, 'l' },
105 { "monochrome", no_argument, NULL, 'm' },
106 { "no_files", no_argument, NULL, 'n' },
107 { "proto", required_argument, NULL, 'P' },
108 { "no_proto", required_argument, NULL, 'E' },
109 { "random", required_argument, NULL, 'r' },
110 { "quiet", no_argument, NULL, 'q' },
111 { "syslog", no_argument, NULL, 'S' },
112 { "victims", required_argument, NULL, 'V' },
113 { "verbose", no_argument, NULL, 'v' },
114 { "arch", required_argument, NULL, 'a' },
115 { NULL, 0, NULL, 0 } };
116
117 static void toggle_taint_flag(int bit) {
118 kernel_taint_mask |= (1 << bit);
119 }
120
121 static void toggle_taint_flag_by_name(char *beg, char *end) {
122 char flagname[TAINT_NAME_LEN];
123 char *name;
124
125 if (end == NULL) {
126 name = beg;
127 } else {
128 int maxlen;
129
130 name = flagname;
131 maxlen = end - beg;
132 if (maxlen > (TAINT_NAME_LEN - 1))
133 maxlen = TAINT_NAME_LEN - 1;
134 strncpy(flagname, beg, maxlen);
135 flagname[maxlen] = 0;
136 }
137
138 if (strcmp(name,"PROPRIETARY_MODULE") == 0)
139 toggle_taint_flag(TAINT_PROPRIETARY_MODULE);
140 else if (strcmp(name,"FORCED_MODULE") == 0)
141 toggle_taint_flag(TAINT_FORCED_MODULE);
142 else if (strcmp(name,"UNSAFE_SMP") == 0)
143 toggle_taint_flag(TAINT_UNSAFE_SMP);
144 else if (strcmp(name,"FORCED_RMMOD") == 0)
145 toggle_taint_flag(TAINT_FORCED_RMMOD);
146 else if (strcmp(name,"MACHINE_CHECK") == 0)
147 toggle_taint_flag(TAINT_MACHINE_CHECK);
148 else if (strcmp(name,"BAD_PAGE") == 0)
149 toggle_taint_flag(TAINT_BAD_PAGE);
150 else if (strcmp(name,"USER") == 0)
151 toggle_taint_flag(TAINT_USER);
152 else if (strcmp(name,"DIE") == 0)
153 toggle_taint_flag(TAINT_DIE);
154 else if (strcmp(name,"OVERRIDDEN_ACPI_TABLE") == 0)
155 toggle_taint_flag(TAINT_OVERRIDDEN_ACPI_TABLE);
156 else if (strcmp(name,"WARN") == 0)
157 toggle_taint_flag(TAINT_WARN);
158 else if (strcmp(name,"CRAP") == 0)
159 toggle_taint_flag(TAINT_CRAP);
160 else if (strcmp(name,"FIRMWARE_WORKAROUND") == 0)
161 toggle_taint_flag(TAINT_FIRMWARE_WORKAROUND);
162 else if (strcmp(name,"OOT_MODULE") == 0)
163 toggle_taint_flag(TAINT_OOT_MODULE);
164 else {
165 outputerr("Unrecognizable kernel taint flag \"%s\".\n", name);
166 exit(EXIT_FAILURE);
167 }
168 }
169
170 static void process_taint_arg(char *taintarg) {
171 char *beg, *end;
172
173 if (kernel_taint_param_occured == FALSE) {
174 kernel_taint_param_occured = TRUE;
175 kernel_taint_mask = 0; //We now only care about flags that user specified.
176 }
177
178 beg = taintarg;
179 end = strchr(beg, ',');
180 while(end != NULL) {
181 toggle_taint_flag_by_name(beg,end);
182 beg = end + 1;
183 end = strchr(beg, ',');
184 }
185 toggle_taint_flag_by_name(beg,end);
186 }
187
188 void parse_args(int argc, char *argv[])
189 {
190 int opt;
191
192 while ((opt = getopt_long(argc, argv, paramstr, longopts, NULL)) != -1) {
193 switch (opt) {
194 default:
195 if (opt == '?')
196 exit(EXIT_FAILURE);
197 else
198 outputstd("opt:%c\n", opt);
199 return;
200
201 case '\0':
202 return;
203
204 case 'c':
205 /* syscalls are all disabled at this point. enable the syscall we care about. */
206 do_specific_syscall = TRUE;
207 toggle_syscall(optarg, TRUE);
208 break;
209
210 case 'a':
211 /* One of the architectures selected*/
212 do_32_arch = FALSE;
213 do_64_arch = FALSE;
214 if (strcmp(optarg, "64") == 0) {
215 do_32_arch = FALSE;
216 do_64_arch = TRUE;
217 } else if (strcmp(optarg, "32") == 0) {
218 do_32_arch = TRUE;
219 do_64_arch = FALSE;
220 } else {
221 outputstd("can't parse %s\n", optarg);
222 exit(EXIT_FAILURE);
223 }
224 break;
225
226 case 'C':
227 user_specified_children = strtoll(optarg, NULL, 10);
228 max_children = user_specified_children;
229
230 if (max_children == 0) {
231 outputerr("zero children ? WAT?\n");
232 exit(EXIT_FAILURE);
233 }
234 break;
235
236 case 'd':
237 dangerous = 1;
238 break;
239
240 case 'D':
241 debug = 1;
242 break;
243
244 case 'g':
245 if (!strcmp(optarg, "vm"))
246 desired_group = GROUP_VM;
247 if (!strcmp(optarg, "vfs"))
248 desired_group = GROUP_VFS;
249 break;
250
251 /* Show help */
252 case 'h':
253 usage();
254 exit(EXIT_SUCCESS);
255
256 case 'I':
257 show_ioctl_list = TRUE;
258 break;
259
260 case 'l':
261 if (!strcmp(optarg, "off"))
262 logging = 0;
263 break;
264
265 case 'L':
266 show_syscall_list = TRUE;
267 break;
268
269 case 'm':
270 monochrome = TRUE;
271 break;
272
273 case 'n':
274 no_files = TRUE;
275 break;
276
277 /* Set number of syscalls to do */
278 case 'N':
279 syscalls_todo = strtoll(optarg, NULL, 10);
280 break;
281
282 /* Pause after each syscall */
283 case 'p':
284 dopause = 1;
285 break;
286
287 case 'P':
288 do_specific_proto = 1;
289 specific_proto = strtol(optarg, NULL, 10);
290 specific_proto_optarg = optarg;
291 break;
292
293 case 'E':
294 parse_exclude_protos(optarg);
295 break;
296
297 case 'q':
298 quiet_level++;
299 break;
300
301 case 'r':
302 if (do_exclude_syscall == TRUE) {
303 outputerr("-r needs to be before any -x options.\n");
304 exit(EXIT_FAILURE);
305 }
306 random_selection = 1;
307 random_selection_num = strtol(optarg, NULL, 10);
308 break;
309
310 /* Set seed */
311 case 's':
312 seed = strtol(optarg, NULL, 10);
313 user_set_seed = TRUE;
314 break;
315
316
317 case 'S':
318 do_syslog = TRUE;
319 break;
320
321 case 'T':
322 //Load mask for kernel taint flags.
323 process_taint_arg(optarg);
324 if (kernel_taint_mask != (int)0xFFFFFFFF)
325 outputstd("Custom kernel taint mask has been specified: 0x%08x (%d).\n",
326 kernel_taint_mask, kernel_taint_mask);
327 break;
328
329 case 'v':
330 verbose = TRUE;
331 break;
332
333 case 'V':
334 victim_path = strdup(optarg);
335 //FIXME: Later, allow for multiple victim files
336 break;
337
338 case 'x':
339 do_exclude_syscall = TRUE;
340 toggle_syscall(optarg, FALSE);
341 break;
342
343 case 'X':
344 dropprivs = TRUE;
345 break;
346 }
347 }
348 if (quiet_level > MAX_LOGLEVEL)
349 quiet_level = MAX_LOGLEVEL;
350
351 quiet_level = MAX_LOGLEVEL - quiet_level;
352
353 outputstd("Done parsing arguments.\n");
354 }
Linux systemcall fuzzer