seccomp-tools 1.1.0 → 1.1.1

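--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 52d71ec73ddfa5dab7d22d982b27b2d4c3610080
- data.tar.gz: '08439390a2e4a08d8619eba08b7b66a2814372b1'
+ metadata.gz: e486ade31fe2b1da262f3636060b4d0b3947fb29
+ data.tar.gz: c65f8074f25cb4b3806726a04d2c2377d44b3ec4
  SHA512:
- metadata.gz: c69c741edae030e7a775dcad768fa983c627cda1d849947c079d45148453a018cbba249abd18faced059b4c4cdc793e746d707e178b2e845804e7bb9a4c70437
- data.tar.gz: fc8cc5926cba54d561822b3a75b57c8721b1113ef16117f455c8a91f651dbad16ced7f6e09209d2adcd7a8183f4a1f8d327aa490652fe5f8ee7a3be187fe361a
+ metadata.gz: 4fbb16ae849bcfc0d17eb8bbcb36f4e7906adb3da00f8bcc31712b69a299e3d3a4f659227e1668f8809433f5c4805170fd79e4934c174a4c455438bca6973361
+ data.tar.gz: a3aba5b768d38fe50f4533a60f7f9cc9d592429803a17728101f721d1aaaf767fcec270ffe59d08bd36763e542e48af48774a707d30dcba71d3920fc6a05123c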
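--- a/data/README.md
+++ b/data/README.md
@@ -38,19 +38,20 @@ $ seccomp-tools --help
  #
  # List of commands:
  #
- # dump Automatically dump seccomp bpf from execution file.
- # disasm Disassemble seccomp bpf.
  # asm Seccomp bpf assembler.
+ # disasm Disassemble seccomp bpf.
+ # dump Automatically dump seccomp bpf from execution file.
  # emu Emulate seccomp rules.
  #
- # See 'seccomp-tools --help <command>' to read about a specific subcommand.
+ # See 'seccomp-tools <command> --help' to read about a specific subcommand.
 
- $ seccomp-tools --help dump
+ $ seccomp-tools dump --help
  # dump - Automatically dump seccomp bpf from execution file.
  #
  # Usage: seccomp-tools dump [exec] [options]
  # -c, --sh-exec <command> Executes the given command (via sh).
  # Use this option if want to pass arguments or do pipe things to the execution file.
+ # e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.
  # -f, --format FORMAT Output format. FORMAT can only be one of <disasm|raw|inspect>.
  # Default: disasm
  # -l, --limit LIMIT Limit the number of calling "prctl(PR_SET_SECCOMP)".
@@ -197,7 +198,7 @@ $ seccomp-tools asm spec/data/libseccomp.asm -f raw | seccomp-tools disasm -
  # 0005: 0x15 0x03 0x00 0x00000003 if (A == close) goto 0009
  # 0006: 0x15 0x02 0x00 0x00000020 if (A == dup) goto 0009
  # 0007: 0x15 0x01 0x00 0x0000003c if (A == exit) goto 0009
- # 0008: 0x06 0x00 0x00 0x00050005 return ERRNO
+ # 0008: 0x06 0x00 0x00 0x00050005 return ERRNO(5)
  # 0009: 0x06 0x00 0x00 0x7fff0000 return ALLOW
  # 0010: 0x06 0x00 0x00 0x00000000 return KILL
 
@@ -226,7 +227,7 @@ $ seccomp-tools emu spec/data/libseccomp.bpf 0x3
  # 0005: 0x15 0x03 0x00 0x00000003 if (A == close) goto 0009
  # 0006: 0x15 0x02 0x00 0x00000020 if (A == dup) goto 0009
  # 0007: 0x15 0x01 0x00 0x0000003c if (A == exit) goto 0009
- # 0008: 0x06 0x00 0x00 0x00050005 return ERRNO
+ # 0008: 0x06 0x00 0x00 0x00050005 return ERRNO(5)
  # 0009: 0x06 0x00 0x00 0x7fff0000 return ALLOW
  # 0010: 0x06 0x00 0x00 0x00000000 return KILL
  #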
@@ -4,5 +4,8 @@
4
4
  module SeccompTools
5
5
  end
6
6
 
7
+ require 'seccomp-tools/asm/asm'
8
+ require 'seccomp-tools/disasm/disasm'
7
9
  require 'seccomp-tools/dumper'
10
+ require 'seccomp-tools/emulator'
8
11
  require 'seccomp-tools/version'
@@ -30,7 +30,8 @@ module SeccompTools
30
30
  when /^#{Tokenizer::LABEL_REGEXP}:/ then define_label
31
31
  when /^return/ then ret
32
32
  when /^(A|X)\s*=[^=]/ then assign
33
- when /^A\s*.=/ then alu
33
+ when /^mem\[\d+\]\s*=\s*(A|X)/ then store
34
+ when /^A\s*.{1,2}=/ then alu
34
35
  end
35
36
  rescue ArgumentError => e
36
37
  invalid(@input.size - 1, e.message)
@@ -80,12 +81,14 @@ module SeccompTools
80
81
  # <A|X> = 123|sys_const
81
82
  # A = args[i]|sys_number|arch
82
83
  # A = data[4 * i]
84
+ # mem[i] = <A|X>
83
85
  def compile_assign(dst, src)
84
86
  # misc txa / tax
85
87
  return emit(:misc, :txa) if dst == :a && src == :x
86
88
  return emit(:misc, :tax) if dst == :x && src == :a
87
89
  src = evaluate(src)
88
- # TODO: handle store case.
90
+ # case of st / stx
91
+ return emit(src == :x ? :stx : :st, k: dst.last) if dst[0] == :mem
89
92
  ld = dst == :x ? :ldx : :ld
90
93
  # <A|X> = <immi>
91
94
  return emit(ld, :imm, k: src) if src.is_a?(Integer)
@@ -104,7 +107,11 @@ module SeccompTools
104
107
  end
105
108
 
106
109
  def compile_ret(val)
107
- emit(:ret, k: val)
110
+ if val == :a
111
+ src = :a
112
+ val = 0
113
+ end
114
+ emit(:ret, src, k: val)
108
115
  end
109
116
 
110
117
  def compile_cmp(op, val, jt, jf)
@@ -124,7 +131,7 @@ module SeccompTools
124
131
  end
125
132
 
126
133
  def evaluate(val)
127
- return val if val.is_a?(Integer) || val == :x
134
+ return val if val.is_a?(Integer) || val == :x || val == :a
128
135
  # keywords
129
136
  val = case val
130
137
  when 'sys_number' then [:data, 0]
@@ -186,10 +193,16 @@ module SeccompTools
186
193
  token.fetch(:sys_num_x) ||
187
194
  token.fetch(:ary) ||
188
195
  token.fetch('sys_number') ||
189
- token.fetch('arch')
196
+ token.fetch('arch') ||
197
+ raise(ArgumentError, 'Invalid source: ' + token.cur.inspect)
190
198
  [:assign, dst, src]
191
199
  end
192
200
 
201
+ # returns same format as assign
202
+ def store
203
+ [:assign, token.fetch!(:ary), token.fetch!('=') && token.fetch!(:ax)]
204
+ end
205
+
193
206
  def define_label
194
207
  name = token.fetch!(:goto)
195
208
  token.fetch(':')
@@ -197,6 +210,7 @@ module SeccompTools
197
210
  end
198
211
 
199
212
  # A op= sys_num_x
213
+ # TODO: support A = -A
200
214
  def alu
201
215
  token.fetch!('A')
202
216
  op = token.fetch!(:alu_op)
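Review bot: The new st/stx path in `compile_assign` emits `k: dst.last` without a range check, so `mem[16] = A` or any larger index assembles without complaint. Classic BPF has only 16 scratch slots (BPF_MEMWORDS), and the kernel's filter check rejects a store outside that range, so the mistake surfaces at load time rather than at assembly time. The tokenizer hunk further down widens the accepted index from two to nine digits (`[0-9]{1,9}`) for `data`, `mem` and `args` alike, which makes out-of-range values easier to write. Assuming `dst.last` is the parsed integer index, a guard before the emit would catch it early: `raise ArgumentError, "mem index out of range: #{dst.last}" unless (0..15).cover?(dst.last)`. `compile_assign` continues outside this hunk, and whether the visible `rescue ArgumentError` also covers the compile stage cannot be told from here.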
@@ -121,7 +121,7 @@ Invalid return type: #{cur.inspect}.
121
121
 
122
122
  def fetch_ary
123
123
  support_name = %w[data mem args]
124
- regexp = /(#{support_name.join('|')})\[[0-9]{1,2}\]/
124
+ regexp = /(#{support_name.join('|')})\[[0-9]{1,9}\]/
125
125
  match = fetch_regexp(regexp)
126
126
  return nil if match.nil?
127
127
  res, val = match.split('[')
@@ -9,9 +9,9 @@ module SeccompTools
9
9
  module CLI
10
10
  # Handled commands
11
11
  COMMANDS = {
12
- 'dump' => SeccompTools::CLI::Dump,
13
- 'disasm' => SeccompTools::CLI::Disasm,
14
12
  'asm' => SeccompTools::CLI::Asm,
13
+ 'disasm' => SeccompTools::CLI::Disasm,
14
+ 'dump' => SeccompTools::CLI::Dump,
15
15
  'emu' => SeccompTools::CLI::Emu
16
16
  }.freeze
17
17
 
@@ -23,7 +23,7 @@ List of commands:
23
23
 
24
24
  %COMMANDS
25
25
 
26
- See 'seccomp-tools --help <command>' to read about a specific subcommand.
26
+ See 'seccomp-tools <command> --help' to read about a specific subcommand.
27
27
  EOS
28
28
 
29
29
  module_function
@@ -23,7 +23,8 @@ module SeccompTools
23
23
  @parser ||= OptionParser.new do |opt|
24
24
  opt.banner = usage
25
25
  opt.on('-c', '--sh-exec <command>', 'Executes the given command (via sh).',
26
- 'Use this option if want to pass arguments or do pipe things to the execution file.') do |command|
26
+ 'Use this option if want to pass arguments or do pipe things to the execution file.',
27
+ 'e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.') do |command|
27
28
  option[:command] = command
28
29
  end
29
30
 
@@ -6,8 +6,7 @@ module SeccompTools
6
6
  class RET < Base
7
7
  # Decompile instruction.
8
8
  def decompile
9
- _, type = symbolize
10
- "return #{type == :a ? 'A' : ACTION.invert[type & 0x7fff0000]}"
9
+ "return #{ret_str}"
11
10
  end
12
11
 
13
12
  # See {Instruction::Base#symbolize}.
@@ -22,6 +21,16 @@ module SeccompTools
22
21
  def branch(*)
23
22
  []
24
23
  end
24
+
25
+ private
26
+
27
+ def ret_str
28
+ _, type = symbolize
29
+ return 'A' if type == :a
30
+ str = ACTION.invert[type & 0x7fff0000].to_s
31
+ str += "(#{type & 0xffff})" if str == 'ERRNO'
32
+ str
33
+ end
25
34
  end
26
35
  end
27
36
  end
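Review bot: `ret_str` turns an action value that is missing from `ACTION` into an empty string, because `ACTION.invert[...]` returns nil and `.to_s` hides it, so the disassembly would read `return ` with nothing after it. For a tool used to audit filters, falling back to the raw value is safer: `str = ACTION.invert[type & 0x7fff0000]` followed by `return format('0x%08x', type) if str.nil?`. The `0x7fff0000` mask also drops the top bit, so a return value such as SECCOMP_RET_KILL_PROCESS (0x80000000) is looked up as 0 and, given that the README output shows 0x00000000 as KILL, would print as plain KILL. The contents of `ACTION` are not visible in this diff, so which actions are already covered should be confirmed against that table.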
@@ -10,7 +10,7 @@ module SeccompTools
10
10
  end
11
11
 
12
12
  # See {Instruction::Base#symbolize}.
13
- # @return [[:misc, (:a, :x), Integer]]
13
+ # @return [[:st, (:a, :x), Integer]]
14
14
  def symbolize
15
15
  [:st, reg.downcase.to_sym, k]
16
16
  end
@@ -1,4 +1,4 @@
1
1
  module SeccompTools
2
2
  # Gem version.
3
- VERSION = '1.1.0'.freeze
3
+ VERSION = '1.1.1'.freeze
4
4
  end
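--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: seccomp-tools
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  platform: ruby
  authors:
  - david942j
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-09-29 00:00:00.000000000 Z
+ date: 2017-12-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: codeclimate-test-reporter
@@ -188,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2
+ rubygems_version: 2.6.13
  signing_key:
  specification_version: 4
  summary: seccomp-tools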