|
|
|
@ -33,24 +33,31 @@
|
|
|
|
|
# task.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
# 输出脚本的作者信息
|
|
|
|
|
echo "cgroup tool for afl-fuzz by <samir.hakim@nyu.edu> and <dwheeler@ida.org>"
|
|
|
|
|
echo
|
|
|
|
|
|
|
|
|
|
# 清除NEW_USER变量的值
|
|
|
|
|
unset NEW_USER
|
|
|
|
|
# 设置默认内存限制为50MB
|
|
|
|
|
MEM_LIMIT="50"
|
|
|
|
|
|
|
|
|
|
# 解析命令行参数
|
|
|
|
|
while getopts "+u:m:" opt; do
|
|
|
|
|
|
|
|
|
|
case "$opt" in
|
|
|
|
|
|
|
|
|
|
# -u 参数用于指定运行fuzzer的用户
|
|
|
|
|
"u")
|
|
|
|
|
NEW_USER="$OPTARG"
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
# -m 参数用于设置内存限制,单位为MB
|
|
|
|
|
"m")
|
|
|
|
|
MEM_LIMIT="$[OPTARG]"
|
|
|
|
|
MEM_LIMIT="$OPTARG"
|
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
# 如果遇到未知参数,退出脚本
|
|
|
|
|
"?")
|
|
|
|
|
exit 1
|
|
|
|
|
;;
|
|
|
|
@ -59,17 +66,22 @@ while getopts "+u:m:" opt; do
|
|
|
|
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# 检查内存限制是否低于安全阈值
|
|
|
|
|
if [ "$MEM_LIMIT" -lt "5" ]; then
|
|
|
|
|
echo "[-] Error: malformed or dangerously low value of -m." 1>&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# 移除已解析的选项,保留fuzz命令
|
|
|
|
|
shift $((OPTIND-1))
|
|
|
|
|
|
|
|
|
|
# 获取目标二进制文件路径
|
|
|
|
|
TARGET_BIN="$1"
|
|
|
|
|
|
|
|
|
|
# 检查是否提供了必要的参数
|
|
|
|
|
if [ "$TARGET_BIN" = "" -o "$NEW_USER" = "" ]; then
|
|
|
|
|
|
|
|
|
|
# 输出使用说明
|
|
|
|
|
cat 1>&2 <<_EOF_
|
|
|
|
|
Usage: $0 [ options ] -- /path/to/afl-fuzz [ ...afl options... ]
|
|
|
|
|
|
|
|
|
@ -89,75 +101,81 @@ conjunction with '-m none' passed to the afl-fuzz binary itself, say:
|
|
|
|
|
|
|
|
|
|
_EOF_
|
|
|
|
|
|
|
|
|
|
# 因为缺少必要的参数,退出脚本
|
|
|
|
|
exit 1
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Basic sanity checks
|
|
|
|
|
|
|
|
|
|
# 基本的系统检查
|
|
|
|
|
# 检查是否为Linux系统
|
|
|
|
|
if [ ! "`uname -s`" = "Linux" ]; then
|
|
|
|
|
echo "[-] Error: this tool does not support non-Linux systems." 1>&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# 检查是否以root用户运行脚本
|
|
|
|
|
if [ ! "`id -u`" = "0" ]; then
|
|
|
|
|
echo "[-] Error: you need to run this script as root (sorry!)." 1>&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# 检查是否安装了cgroup工具
|
|
|
|
|
if ! type cgcreate 2>/dev/null 1>&2; then
|
|
|
|
|
|
|
|
|
|
echo "[-] Error: you need to install cgroup tools first." 1>&2
|
|
|
|
|
|
|
|
|
|
# 根据包管理器提供安装命令建议
|
|
|
|
|
if type apt-get 2>/dev/null 1>&2; then
|
|
|
|
|
echo " (Perhaps 'apt-get install cgroup-bin' will work.)" 1>&2
|
|
|
|
|
elif type yum 2>/dev/null 1>&2; then
|
|
|
|
|
echo " (Perhaps 'yum install libcgroup-tools' will work.)" 1>&2
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# 因为缺少必要的工具,退出脚本
|
|
|
|
|
exit 1
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# 检查指定的用户是否存在
|
|
|
|
|
if ! id -u "$NEW_USER" 2>/dev/null 1>&2; then
|
|
|
|
|
echo "[-] Error: user '$NEW_USER' does not seem to exist." 1>&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Create a new cgroup path if necessary... We used PID-keyed groups to keep
|
|
|
|
|
# parallel afl-fuzz tasks separate from each other.
|
|
|
|
|
|
|
|
|
|
CID="afl-$NEW_USER-$$"
|
|
|
|
|
# 创建一个新的cgroup路径(如果必要),使用PID键值组来确保并行的afl-fuzz任务相互独立
|
|
|
|
|
CID="afl-$NEW_USER-$"
|
|
|
|
|
|
|
|
|
|
CPATH="/sys/fs/cgroup/memory/$CID"
|
|
|
|
|
|
|
|
|
|
# 如果路径不存在,则创建cgroup
|
|
|
|
|
if [ ! -d "$CPATH" ]; then
|
|
|
|
|
|
|
|
|
|
cgcreate -a "$NEW_USER" -g memory:"$CID" || exit 1
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Set the appropriate limit...
|
|
|
|
|
|
|
|
|
|
# 设置内存限制
|
|
|
|
|
# 如果系统支持交换空间限制,则同时设置内存和交换空间限制
|
|
|
|
|
if [ -f "$CPATH/memory.memsw.limit_in_bytes" ]; then
|
|
|
|
|
|
|
|
|
|
echo "${MEM_LIMIT}M" > "$CPATH/memory.limit_in_bytes" 2>/dev/null
|
|
|
|
|
echo "${MEM_LIMIT}M" > "$CPATH/memory.memsw.limit_in_bytes" || exit 1
|
|
|
|
|
echo "${MEM_LIMIT}M" > "$CPATH/memory.limit_in_bytes" || exit 1
|
|
|
|
|
|
|
|
|
|
# 如果系统有启用交换空间,则要求先禁用交换空间
|
|
|
|
|
elif grep -qE 'partition|file' /proc/swaps; then
|
|
|
|
|
|
|
|
|
|
echo "[-] Error: your system requires swap to be disabled first (swapoff -a)." 1>&2
|
|
|
|
|
exit 1
|
|
|
|
|
|
|
|
|
|
# 如果系统不支持交换空间限制,则仅设置内存限制
|
|
|
|
|
else
|
|
|
|
|
|
|
|
|
|
echo "${MEM_LIMIT}M" > "$CPATH/memory.limit_in_bytes" || exit 1
|
|
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# All right. At this point, we can just run the command.
|
|
|
|
|
|
|
|
|
|
# 运行fuzz命令,并确保其在设置的cgroup内存限制下执行
|
|
|
|
|
cgexec -g "memory:$CID" su -c "$*" "$NEW_USER"
|
|
|
|
|
|
|
|
|
|
# 删除cgroup以清理资源
|
|
|
|
|
cgdelete -g "memory:$CID"
|
|
|
|
|
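Review bot: The cgroup name in `CID="afl-$NEW_USER-$"` (printed right after `CID="afl-$NEW_USER-$$"`, so presumably the new side) has lost the `$$` PID expansion, which leaves a literal trailing `$` in the name and gives every afl-fuzz instance started for the same user one shared cgroup, defeating the per-task isolation the comment directly above it describes and letting the final `cgdelete -g "memory:$CID"` of one run act on a group another run may still be using. The line should stay `CID="afl-$NEW_USER-$$"`. The first hunk has a related gap where `MEM_LIMIT="$OPTARG"` replaces `MEM_LIMIT="$[OPTARG]"`: the later `[ "$MEM_LIMIT" -lt "5" ]` now receives the raw option string, so on bash a non-numeric `-m` value yields an "integer expression expected" error and evaluates false, skipping the intended "malformed" message and falling through to a failing cgroup write. A check such as `case "$MEM_LIMIT" in ''|*[!0-9]*) echo "[-] Error: malformed or dangerously low value of -m." 1>&2; exit 1 ;; esac` placed before that comparison restores the validation without relying on the deprecated `$[...]` arithmetic form.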