seccomp-tools 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +7 -6
- data/lib/seccomp-tools.rb +3 -0
- data/lib/seccomp-tools/asm/compiler.rb +19 -5
- data/lib/seccomp-tools/asm/tokenizer.rb +1 -1
- data/lib/seccomp-tools/cli/cli.rb +3 -3
- data/lib/seccomp-tools/cli/dump.rb +2 -1
- data/lib/seccomp-tools/instruction/ret.rb +11 -2
- data/lib/seccomp-tools/instruction/st.rb +1 -1
- data/lib/seccomp-tools/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e486ade31fe2b1da262f3636060b4d0b3947fb29
|
4
|
+
data.tar.gz: c65f8074f25cb4b3806726a04d2c2377d44b3ec4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4fbb16ae849bcfc0d17eb8bbcb36f4e7906adb3da00f8bcc31712b69a299e3d3a4f659227e1668f8809433f5c4805170fd79e4934c174a4c455438bca6973361
|
7
|
+
data.tar.gz: a3aba5b768d38fe50f4533a60f7f9cc9d592429803a17728101f721d1aaaf767fcec270ffe59d08bd36763e542e48af48774a707d30dcba71d3920fc6a05123c
|
data/README.md
CHANGED
@@ -38,19 +38,20 @@ $ seccomp-tools --help
|
|
38
38
|
#
|
39
39
|
# List of commands:
|
40
40
|
#
|
41
|
-
# dump Automatically dump seccomp bpf from execution file.
|
42
|
-
# disasm Disassemble seccomp bpf.
|
43
41
|
# asm Seccomp bpf assembler.
|
42
|
+
# disasm Disassemble seccomp bpf.
|
43
|
+
# dump Automatically dump seccomp bpf from execution file.
|
44
44
|
# emu Emulate seccomp rules.
|
45
45
|
#
|
46
|
-
# See 'seccomp-tools
|
46
|
+
# See 'seccomp-tools <command> --help' to read about a specific subcommand.
|
47
47
|
|
48
|
-
$ seccomp-tools --help
|
48
|
+
$ seccomp-tools dump --help
|
49
49
|
# dump - Automatically dump seccomp bpf from execution file.
|
50
50
|
#
|
51
51
|
# Usage: seccomp-tools dump [exec] [options]
|
52
52
|
# -c, --sh-exec <command> Executes the given command (via sh).
|
53
53
|
# Use this option if want to pass arguments or do pipe things to the execution file.
|
54
|
+
# e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.
|
54
55
|
# -f, --format FORMAT Output format. FORMAT can only be one of <disasm|raw|inspect>.
|
55
56
|
# Default: disasm
|
56
57
|
# -l, --limit LIMIT Limit the number of calling "prctl(PR_SET_SECCOMP)".
|
@@ -197,7 +198,7 @@ $ seccomp-tools asm spec/data/libseccomp.asm -f raw | seccomp-tools disasm -
|
|
197
198
|
# 0005: 0x15 0x03 0x00 0x00000003 if (A == close) goto 0009
|
198
199
|
# 0006: 0x15 0x02 0x00 0x00000020 if (A == dup) goto 0009
|
199
200
|
# 0007: 0x15 0x01 0x00 0x0000003c if (A == exit) goto 0009
|
200
|
-
# 0008: 0x06 0x00 0x00 0x00050005 return ERRNO
|
201
|
+
# 0008: 0x06 0x00 0x00 0x00050005 return ERRNO(5)
|
201
202
|
# 0009: 0x06 0x00 0x00 0x7fff0000 return ALLOW
|
202
203
|
# 0010: 0x06 0x00 0x00 0x00000000 return KILL
|
203
204
|
|
@@ -226,7 +227,7 @@ $ seccomp-tools emu spec/data/libseccomp.bpf 0x3
|
|
226
227
|
# 0005: 0x15 0x03 0x00 0x00000003 if (A == close) goto 0009
|
227
228
|
# 0006: 0x15 0x02 0x00 0x00000020 if (A == dup) goto 0009
|
228
229
|
# 0007: 0x15 0x01 0x00 0x0000003c if (A == exit) goto 0009
|
229
|
-
# 0008: 0x06 0x00 0x00 0x00050005 return ERRNO
|
230
|
+
# 0008: 0x06 0x00 0x00 0x00050005 return ERRNO(5)
|
230
231
|
# 0009: 0x06 0x00 0x00 0x7fff0000 return ALLOW
|
231
232
|
# 0010: 0x06 0x00 0x00 0x00000000 return KILL
|
232
233
|
#
|
data/lib/seccomp-tools.rb
CHANGED
@@ -30,7 +30,8 @@ module SeccompTools
|
|
30
30
|
when /^#{Tokenizer::LABEL_REGEXP}:/ then define_label
|
31
31
|
when /^return/ then ret
|
32
32
|
when /^(A|X)\s*=[^=]/ then assign
|
33
|
-
when /^
|
33
|
+
when /^mem\[\d+\]\s*=\s*(A|X)/ then store
|
34
|
+
when /^A\s*.{1,2}=/ then alu
|
34
35
|
end
|
35
36
|
rescue ArgumentError => e
|
36
37
|
invalid(@input.size - 1, e.message)
|
@@ -80,12 +81,14 @@ module SeccompTools
|
|
80
81
|
# <A|X> = 123|sys_const
|
81
82
|
# A = args[i]|sys_number|arch
|
82
83
|
# A = data[4 * i]
|
84
|
+
# mem[i] = <A|X>
|
83
85
|
def compile_assign(dst, src)
|
84
86
|
# misc txa / tax
|
85
87
|
return emit(:misc, :txa) if dst == :a && src == :x
|
86
88
|
return emit(:misc, :tax) if dst == :x && src == :a
|
87
89
|
src = evaluate(src)
|
88
|
-
#
|
90
|
+
# case of st / stx
|
91
|
+
return emit(src == :x ? :stx : :st, k: dst.last) if dst[0] == :mem
|
89
92
|
ld = dst == :x ? :ldx : :ld
|
90
93
|
# <A|X> = <immi>
|
91
94
|
return emit(ld, :imm, k: src) if src.is_a?(Integer)
|
@@ -104,7 +107,11 @@ module SeccompTools
|
|
104
107
|
end
|
105
108
|
|
106
109
|
def compile_ret(val)
|
107
|
-
|
110
|
+
if val == :a
|
111
|
+
src = :a
|
112
|
+
val = 0
|
113
|
+
end
|
114
|
+
emit(:ret, src, k: val)
|
108
115
|
end
|
109
116
|
|
110
117
|
def compile_cmp(op, val, jt, jf)
|
@@ -124,7 +131,7 @@ module SeccompTools
|
|
124
131
|
end
|
125
132
|
|
126
133
|
def evaluate(val)
|
127
|
-
return val if val.is_a?(Integer) || val == :x
|
134
|
+
return val if val.is_a?(Integer) || val == :x || val == :a
|
128
135
|
# keywords
|
129
136
|
val = case val
|
130
137
|
when 'sys_number' then [:data, 0]
|
@@ -186,10 +193,16 @@ module SeccompTools
|
|
186
193
|
token.fetch(:sys_num_x) ||
|
187
194
|
token.fetch(:ary) ||
|
188
195
|
token.fetch('sys_number') ||
|
189
|
-
token.fetch('arch')
|
196
|
+
token.fetch('arch') ||
|
197
|
+
raise(ArgumentError, 'Invalid source: ' + token.cur.inspect)
|
190
198
|
[:assign, dst, src]
|
191
199
|
end
|
192
200
|
|
201
|
+
# returns same format as assign
|
202
|
+
def store
|
203
|
+
[:assign, token.fetch!(:ary), token.fetch!('=') && token.fetch!(:ax)]
|
204
|
+
end
|
205
|
+
|
193
206
|
def define_label
|
194
207
|
name = token.fetch!(:goto)
|
195
208
|
token.fetch(':')
|
@@ -197,6 +210,7 @@ module SeccompTools
|
|
197
210
|
end
|
198
211
|
|
199
212
|
# A op= sys_num_x
|
213
|
+
# TODO: support A = -A
|
200
214
|
def alu
|
201
215
|
token.fetch!('A')
|
202
216
|
op = token.fetch!(:alu_op)
|
@@ -121,7 +121,7 @@ Invalid return type: #{cur.inspect}.
|
|
121
121
|
|
122
122
|
def fetch_ary
|
123
123
|
support_name = %w[data mem args]
|
124
|
-
regexp = /(#{support_name.join('|')})\[[0-9]{1,
|
124
|
+
regexp = /(#{support_name.join('|')})\[[0-9]{1,9}\]/
|
125
125
|
match = fetch_regexp(regexp)
|
126
126
|
return nil if match.nil?
|
127
127
|
res, val = match.split('[')
|
@@ -9,9 +9,9 @@ module SeccompTools
|
|
9
9
|
module CLI
|
10
10
|
# Handled commands
|
11
11
|
COMMANDS = {
|
12
|
-
'dump' => SeccompTools::CLI::Dump,
|
13
|
-
'disasm' => SeccompTools::CLI::Disasm,
|
14
12
|
'asm' => SeccompTools::CLI::Asm,
|
13
|
+
'disasm' => SeccompTools::CLI::Disasm,
|
14
|
+
'dump' => SeccompTools::CLI::Dump,
|
15
15
|
'emu' => SeccompTools::CLI::Emu
|
16
16
|
}.freeze
|
17
17
|
|
@@ -23,7 +23,7 @@ List of commands:
|
|
23
23
|
|
24
24
|
%COMMANDS
|
25
25
|
|
26
|
-
See 'seccomp-tools
|
26
|
+
See 'seccomp-tools <command> --help' to read about a specific subcommand.
|
27
27
|
EOS
|
28
28
|
|
29
29
|
module_function
|
@@ -23,7 +23,8 @@ module SeccompTools
|
|
23
23
|
@parser ||= OptionParser.new do |opt|
|
24
24
|
opt.banner = usage
|
25
25
|
opt.on('-c', '--sh-exec <command>', 'Executes the given command (via sh).',
|
26
|
-
'Use this option if want to pass arguments or do pipe things to the execution file.'
|
26
|
+
'Use this option if want to pass arguments or do pipe things to the execution file.',
|
27
|
+
'e.g. use `-c "./bin > /dev/null"` to dump seccomp without being mixed with stdout.') do |command|
|
27
28
|
option[:command] = command
|
28
29
|
end
|
29
30
|
|
@@ -6,8 +6,7 @@ module SeccompTools
|
|
6
6
|
class RET < Base
|
7
7
|
# Decompile instruction.
|
8
8
|
def decompile
|
9
|
-
|
10
|
-
"return #{type == :a ? 'A' : ACTION.invert[type & 0x7fff0000]}"
|
9
|
+
"return #{ret_str}"
|
11
10
|
end
|
12
11
|
|
13
12
|
# See {Instruction::Base#symbolize}.
|
@@ -22,6 +21,16 @@ module SeccompTools
|
|
22
21
|
def branch(*)
|
23
22
|
[]
|
24
23
|
end
|
24
|
+
|
25
|
+
private
|
26
|
+
|
27
|
+
def ret_str
|
28
|
+
_, type = symbolize
|
29
|
+
return 'A' if type == :a
|
30
|
+
str = ACTION.invert[type & 0x7fff0000].to_s
|
31
|
+
str += "(#{type & 0xffff})" if str == 'ERRNO'
|
32
|
+
str
|
33
|
+
end
|
25
34
|
end
|
26
35
|
end
|
27
36
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: seccomp-tools
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- david942j
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-12-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: codeclimate-test-reporter
|
@@ -188,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
188
188
|
version: '0'
|
189
189
|
requirements: []
|
190
190
|
rubyforge_project:
|
191
|
-
rubygems_version: 2.
|
191
|
+
rubygems_version: 2.6.13
|
192
192
|
signing_key:
|
193
193
|
specification_version: 4
|
194
194
|
summary: seccomp-tools
|