Driverse 0.57b
Copyright (C) 2005 Flavio Chierichetti.
This is free software with ABSOLUTELY NO WARRANTY.
Driverse creates a "secure" environment in which to test insecure competition programs.
Those competition programs are supposed to:
- be statically compiled,
- do all the input/output via files (regular or sockets) whose names are known in advance,
- not be root's or s-uid.
By default, the competition programs run by driverse will retain the privileges of a uid/gid pair chosen randomly between the uids/gids that aren't in the system (uids/gids that aren't in /etc/passwd and /etc/groups).
The uid/gid pair is chosen randomly because, in principle, the test process (run by the user A) could take control of other processes of the user A (exploiting ptrace behaviour).
The uid and/or the gid can be forced via the -u, -g options (the forced uid/gid will still be refused if they're in the system).
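The uid/gid selection described above, as an added example that is not driverse's own code: it draws candidates uniformly from 1 - 65535 with the documented default seed (time() XOR getpid()) and accepts the first one that the user/group database does not know, using the standard getpwuid()/getgrgid() lookups instead of parsing /etc/passwd by hand. The function names, the retry bound and the check applied to a forced id are assumptions.

```c
/* Added example (not driverse's own code): pick a uid and a gid that are
 * not registered in the system's user/group database.  Names and the
 * MAX_TRIES bound are assumptions. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

#define ID_MIN 1
#define ID_MAX 65535
#define MAX_TRIES 100000   /* assumption: give up after this many draws */

/* Returns 1 if uid belongs to an account in the user database, else 0. */
int uid_in_system(uid_t uid)
{
    return getpwuid(uid) != NULL;
}

/* Returns 1 if gid belongs to a group in the group database, else 0. */
int gid_in_system(gid_t gid)
{
    return getgrgid(gid) != NULL;
}

/* Draw an id from [ID_MIN, ID_MAX] with the seeded PRNG.  The modulo bias
 * is negligible for this range and irrelevant here: any unused id works. */
static unsigned int draw_id(void)
{
    return ID_MIN + (unsigned int)(rand() % (ID_MAX - ID_MIN + 1));
}

/* Random uid not present in the user database; (uid_t)-1 if none found. */
uid_t pick_unused_uid(void)
{
    for (int i = 0; i < MAX_TRIES; i++) {
        uid_t cand = (uid_t)draw_id();
        if (!uid_in_system(cand))
            return cand;
    }
    return (uid_t)-1;
}

/* Random gid not present in the group database; (gid_t)-1 if none found. */
gid_t pick_unused_gid(void)
{
    for (int i = 0; i < MAX_TRIES; i++) {
        gid_t cand = (gid_t)draw_id();
        if (!gid_in_system(cand))
            return cand;
    }
    return (gid_t)-1;
}

/* A uid forced with -u is only acceptable if it is in range and unused;
 * the same rule applies to a gid forced with -g.  Returns 1 when ok. */
int forced_uid_ok(uid_t uid)
{
    return uid >= ID_MIN && uid <= ID_MAX && !uid_in_system(uid);
}

int forced_gid_ok(gid_t gid)
{
    return gid >= ID_MIN && gid <= ID_MAX && !gid_in_system(gid);
}

int main(void)
{
    /* Default seed as documented: time() XOR getpid(). */
    srand((unsigned int)(time(NULL) ^ getpid()));
    uid_t u = pick_unused_uid();
    gid_t g = pick_unused_gid();
    if (u == (uid_t)-1 || g == (gid_t)-1) {
        fprintf(stderr, "no unused uid/gid found\n");
        return 1;
    }
    printf("test process would run as uid=%u gid=%u\n", (unsigned)u, (unsigned)g);
    return 0;
}
```

The lookup only consults the account databases, so it cannot see a process that happens to be running with the chosen id; that is exactly the residual risk the README asks you to avoid by not spawning such processes.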
Driverse should work on GNU/Linux (a 2.6+ kernel is recommended). Root rights are needed for ``make''-ing it (Driverse needs to be root's and s-uid).
Extreme care has been taken to make driverse secure. Keep in mind that this is BETA software: if you have any suggestion to improve it, or if you find any bug (critical or not), please contact me.
--
EXAMPLE
A non-root user runs:
./driverse -u 12345 -j jailDir/ -t 3000 -T 6000 -b 1000000 \
-i inputFile.txt -i inputSocket.txt \
-o /tmp/outputFile.txt -O outputSocket.txt \
testProgram
First of all, please note that you can't have the same socket for input and output. Each socket has to be strictly an input or an output one. You can have as many files or sockets for input and output as you like, though.
Driverse will only use a uid that's not associated with any user (and a gid that's not associated with any group) for the test process. In theory another process could already be running with that uid or that gid: you should be careful not to spawn a process like that.
In this example driverse would:
1) create the directory ``jailDir/'' and change its permissions so that ``testProgram'' cannot create files in it,
2) hardlink ``testProgram'', ``inputFile.txt'', ``inputSocket.txt'' and ``outputSocket.txt'' into the directory ``jailDir/'' (please note that all the sockets must be created in advance),
3) create the empty file ``/tmp/outputFile.txt'' and hardlink it into ``jailDir/'',
4) change the permissions of the files so that ``testProgram'' can only read from the inputs and write to the outputs,
5) start ``testProgram'' chrooted in ``jailDir/'' (with uid 12345 and a randomly chosen gid) under the restraints specified: it should run in at most 3 seconds (3000 milliseconds) of usertime, at most 6 seconds of elapsed time and at most 1000000 bytes of virtual memory,
6) write the test output (normal termination, usertime limit exceeded, timeout reached, signal killed the test process, child returned a non-zero value) in the easily understandable xml file ``testResult.xml'',
7) remove ``jailDir/'' and its content (the hardlinks).
The output files would be available in the locations specified in the command line.
Driverse can't tell for sure whether the test process has exceeded its usertime and/or memory limit: those kinds of errors will be reported as
<result id="signal" type="signal killed the test process" signal="9" utime="10000" stime="200"/>
Timeouts are precisely reported.
--
USAGE
driverse [-h] [-x path] [-i path]* [-o path]* [-O path]* [-t msec] [-T msec] [-b bytes] [-u uid] [-g gid] [-s seed] [-j path] test
-h display help and exit.
-x path output to path instead of stdout.
-i path path to one of the input files/sockets (can be repeated).
-o path path to one of the output files (can be repeated).
-O path path to one of the output sockets (can be repeated).
-t msec the usertime (in milliseconds) that the test process can use. [unlimited]
-T msec the timeout (in milliseconds) after which the test process will be killed. [no timeout]
-b bytes the virtual memory (in bytes) that the test process can use. [unlimited]
-u uid run the test program with the specified uid. [chosen uniformly at random among unused uids in the interval 1 - 65535]
-g gid run the test program with the specified gid. [chosen uniformly at random among unused gids in the interval 1 - 65535]
-s seed use seed to initialize the pseudo-random number generator. [time() XOR getpid()]
-j path path to the jail directory. [jail/]
test path to the statically compiled test program.
--
HISTORY
- 0.57b (2005/11/??)
test process's uid/gid is chosen at random among unused ones (instead of being equal to those of the user that ran driverse).
- 0.56b (2005/11/19)
fixed ptrace exploit
- 0.55b (2005/11/06)
first public release
--
THANKS
Thanks to Timo Lindfors (timo.lindfors@iki.fi) for pointing out the ptrace exploit, for his ideas on the test process uid/gid selection and for all the advice he's given.
--
For any comments, suggestions or bug reports please contact me at:
flavio -at- lightless -dot- org
http://lightless.org/
