sefcom / retspill
RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections
While running with the main example using the docker environment, I ran into some issues caused by the fact that the code in `chain_builder.py` was done with an old version of angrop in mind, so it fails due to some more or less recent changes in the package.

For example:
```
$ docker build -t retspill .
...
$ docker run --privileged --mount type=bind,source=./exploit_env,target=/test -it --rm retspill bash
root@5bfd706f6d02:/RetSpill/igni# python3 analyzer.py -k /test/CVEs/CVE-2010-2959/kernel/arch/x86/boot/bzImage -e /test/CVEs/CVE-2010-2959/poc/poc
Traceback (most recent call last):
  File "/RetSpill/igni/analyzer.py", line 428, in <module>
    from chain_builder import ChainBuilder
  File "/RetSpill/igni/chain_builder.py", line 13, in <module>
    from angrop.gadget_analyzer import GadgetAnalyzer
ModuleNotFoundError: No module named 'angrop.gadget_analyzer'
```

In this case, this error is due to the fact that `gadget_analyzer.py` was moved into the `gadget_finder/` directory in the angr commit angr/angrop@07d2b2e.

Not sure if it's better to fix it by updating the code in `chain_builder.py` or by pinning the angrop version in the Dockerfile.
As for the non-docker environment, if someone has the last (or a recent) version of angrop installed, I guess they'll bump into the same issues.

For this reason, I went with fixing the code in `chain_builder.py` in my fork of RetSpill. I can create a PR if you're interested, or you can just straight copy the changes if they make sense to you.
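
The "fix the code" option from the issue above can be written as a version-tolerant import. This is an added example, not code from RetSpill or from the issue author's fork; `resolve_symbol`, `load_gadget_analyzer` and the new module path `angrop.gadget_finder.gadget_analyzer` (inferred from the move described in the issue) are assumptions.

```python
import importlib
from importlib import metadata

# Newest layout first. The second path is the one in the traceback above; the
# first is an assumption derived from the issue's statement that
# gadget_analyzer.py moved into gadget_finder/.
GADGET_ANALYZER_PATHS = [
    ("angrop.gadget_finder.gadget_analyzer", "GadgetAnalyzer"),
    ("angrop.gadget_analyzer", "GadgetAnalyzer"),
]


def resolve_symbol(candidates, dist_name="angrop"):
    """Return (object, module_path) for the first candidate that imports."""
    tried = []
    for module_path, attr in candidates:
        try:
            module = importlib.import_module(module_path)
        except ModuleNotFoundError as exc:
            # Swallow only "this path (or its parent package) does not exist".
            # A missing dependency inside the module is a different failure
            # and must surface instead of silently falling back.
            missing = exc.name or ""
            if module_path == missing or module_path.startswith(missing + "."):
                tried.append(module_path)
                continue
            raise
        if hasattr(module, attr):
            return getattr(module, attr), module_path
        tried.append(f"{module_path} (no attribute {attr})")
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        installed = "not installed"
    raise ImportError(
        f"none of {tried} could be resolved; {dist_name} version: {installed}. "
        "Pin a known-good version or add the new module path."
    )


def load_gadget_analyzer():
    """Hypothetical helper: what chain_builder.py could call instead of the fixed import."""
    analyzer_cls, _ = resolve_symbol(GADGET_ANALYZER_PATHS)
    return analyzer_cls
```

The failure message reports the installed angrop version, which is the value to record if the Dockerfile pin is chosen instead.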