Index: head/security/sandsifter/Makefile
===================================================================
--- head/security/sandsifter/Makefile (revision 507954)
+++ head/security/sandsifter/Makefile (revision 507955)
@@ -1,49 +1,47 @@ # $FreeBSD$ PORTNAME= sandsifter -PORTVERSION= 1.03 +PORTVERSION= 1.04 DISTVERSIONPREFIX=v CATEGORIES= security MAINTAINER= rene@FreeBSD.org COMMENT= Processor fuzzer for x86 CPUs LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE ONLY_FOR_ARCHS= amd64 i386 ONLY_FOR_ARCHS_REASON=Designed for x86 BUILD_DEPENDS= ${LOCALBASE}/include/capstone/capstone.h:devel/capstone3 RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}capstone>0:devel/py-capstone@${PY_FLAVOR} -USES= gmake python localbase shebangfix +USES= gmake python:2.7 localbase shebangfix USE_GITHUB= yes GH_ACCOUNT= rigred SHEBANG_FILES= sifter.py sifter-summarize.py OPTIONS_DEFINE= DOCS PORTDOCS= references/* post-patch: - ${REINPLACE_CMD} -e 's,/proc/cpuinfo,/compat/linux/proc/cpuinfo,' \ - -e 's,/usr/sbin,${PREFIX}/sbin,' \ - ${WRKSRC}/sifter.py + ${REINPLACE_CMD} -e 's,/usr/sbin,${PREFIX}/sbin,' ${WRKSRC}/sifter.py do-install: (cd ${WRKSRC} && ${COPYTREE_SHARE} gui ${STAGEDIR}${DATADIR}) (cd ${WRKSRC} && ${COPYTREE_SHARE} pyutil ${STAGEDIR}${DATADIR}) ${INSTALL_PROGRAM} ${WRKSRC}/sifter-injector ${STAGEDIR}${PREFIX}/sbin ${INSTALL_SCRIPT} ${WRKSRC}/sifter.py ${STAGEDIR}${DATADIR} ${INSTALL_SCRIPT} ${WRKSRC}/sifter-summarize.py ${STAGEDIR}${DATADIR} ${RLN} ${STAGEDIR}${DATADIR}/sifter.py ${STAGEDIR}${PREFIX}/bin/sifter ${RLN} ${STAGEDIR}${DATADIR}/sifter-summarize.py ${STAGEDIR}${PREFIX}/bin/sifter-summarize ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} post-install-DOCS-on: ${INSTALL_DATA} ${WRKSRC}/references/* ${STAGEDIR}${DOCSDIR} .include Index: head/security/sandsifter/distinfo =================================================================== --- head/security/sandsifter/distinfo (revision 507954) +++ head/security/sandsifter/distinfo (revision 507955) 
@@ -1,3 +1,3 @@
-TIMESTAMP = 1547931250
-SHA256 (rigred-sandsifter-v1.03_GH0.tar.gz) = aece752dbe1831b2c215d9345b124ad9fb0180996dc81bff34fdc3a609332e9c
-SIZE (rigred-sandsifter-v1.03_GH0.tar.gz) = 5288254
+TIMESTAMP = 1564689727
+SHA256 (rigred-sandsifter-v1.04_GH0.tar.gz) = c62087155077190f7abe3e2646595b336b8f7f626e7fae63af5dbcc7c66f33be
+SIZE (rigred-sandsifter-v1.04_GH0.tar.gz) = 5288475
Index: head/security/sandsifter/files/patch-injector.c
===================================================================
--- head/security/sandsifter/files/patch-injector.c (revision 507954)
+++ head/security/sandsifter/files/patch-injector.c (nonexistent)
@@ -1,107 +0,0 @@ ---- injector.c.orig 2017-07-27 19:17:30 UTC -+++ injector.c -@@ -77,10 +77,24 @@ cs_insn *capstone_insn; - - /* 32 vs 64 */ - --#if __x86_64__ -- #define IP REG_RIP -+#ifdef __linux__ -+# define PAGE_SIZE 4096 -+# define EFL gregs[REG_EFL] -+# if __x86_64__ -+# define IP gregs[REG_RIP] -+# else -+# define IP gregs[REG_EIP] -+# endif - #else -- #define IP REG_EIP -+# include -+ typedef cpuset_t cpu_set_t; -+# if __x86_64__ -+# define IP mc_rip -+# define EFL mc_rflags -+# else -+# define IP mc_eip -+# define EFL mc_eflags -+# endif - #endif - - /* leave state as 0 */ -@@ -155,7 +169,6 @@ state_t inject_state={ - /* x86/64 */ - - #define UD2_SIZE 2 --#define PAGE_SIZE 4096 - #define TF 0x100 - - /* injection */ -@@ -293,6 +306,10 @@ ignore_op_t opcode_blacklist[MAX_BLACKLIST]={ - { "\xcd\x80", "int 0x80" }, - /* as will syscall */ - { "\x0f\x05", "syscall" }, -+ /* int 92 on FreeBSD triggers DTrace, which will trigger SIGSYS */ -+ { "\xcd\x92", "int 0x92" }, -+ /* int 93 on FreeBSD is used by Xen */ -+ { "\xcd\x93", "int 0x93" }, - /* ud2 is an undefined opcode, and messes up a length differential search - * b/c of the fault it throws */ - { "\x0f\xb9", "ud2" }, -@@ -850,7 +867,7 @@ void inject(int insn_size) - void state_handler(int signum, siginfo_t* si, void* p) - { - fault_context=((ucontext_t*)p)->uc_mcontext; -- ((ucontext_t*)p)->uc_mcontext.gregs[IP]+=UD2_SIZE; -+ ((ucontext_t*)p)->uc_mcontext.IP+=UD2_SIZE; - } - - void fault_handler(int signum, siginfo_t* si, void* p) -@@ -863,7 +880,7 @@ void fault_handler(int signum, siginfo_t* si, void* p) - - /* make an initial estimate on the instruction length from the fault address */ - insn_length= -- (uintptr_t)uc->uc_mcontext.gregs[IP]-(uintptr_t)packet-preamble_length; -+ (uintptr_t)uc->uc_mcontext.IP-(uintptr_t)packet-preamble_length; - - if (insn_length<0) { - insn_length=JMP_LENGTH; -@@ -880,9 +897,13 @@ void fault_handler(int signum, siginfo_t* si, void* p) - 
(signum==SIGSEGV||signum==SIGBUS)?(uint32_t)(uintptr_t)si->si_addr:(uint32_t)-1 - }; - -+#ifdef __linux__ - memcpy(uc->uc_mcontext.gregs, fault_context.gregs, sizeof(fault_context.gregs)); -- uc->uc_mcontext.gregs[IP]=(uintptr_t)&resume; -- uc->uc_mcontext.gregs[REG_EFL]&=~TF; -+#else -+ memcpy(&uc->uc_mcontext, &fault_context, sizeof(fault_context)); -+#endif -+ uc->uc_mcontext.IP=(uintptr_t)&resume; -+ uc->uc_mcontext.EFL&=~TF; - } - - void configure_sig_handler(void (*handler)(int, siginfo_t*, void*)) -@@ -1341,7 +1362,13 @@ void pin_core(void) - cpu_set_t mask; - CPU_ZERO(&mask); - CPU_SET(config.core,&mask); -- if (sched_setaffinity(0, sizeof(mask), &mask)) { -+#ifdef __linux__ -+ if (sched_setaffinity(0, sizeof(mask), &mask)) -+#else -+ if (cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -+ -1, sizeof(mask), &mask)) -+#endif -+ { - printf("error: failed to set cpu\n"); - exit(1); - } -@@ -1439,7 +1466,7 @@ int main(int argc, char** argv) - null_p=mmap(0, PAGE_SIZE, PROT_READ|PROT_WRITE, - MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); - if (null_p==MAP_FAILED) { -- printf("null access requires running as root\n"); -+ printf("null access requires running as root, %i\n", errno); - exit(1); - } - } Property changes on: head/security/sandsifter/files/patch-injector.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/sandsifter/files/patch-sifter.py =================================================================== --- head/security/sandsifter/files/patch-sifter.py (nonexistent) +++ head/security/sandsifter/files/patch-sifter.py (revision 507955) 
@@ -0,0 +1,50 @@ +--- sifter.py.orig 2019-07-31 14:21:48 UTC ++++ sifter.py +@@ -59,7 +59,7 @@ class InjectorResults(Structure): + ('signum', c_int), + ('sicode', c_int), + ('siaddr', c_int), +- ] ++ ] + + class Settings: + SYNTH_MODE_RANDOM = "r" +@@ -643,8 +643,8 @@ class Gui: + # red. doesn't happen if using a new random string each + # time; doesn't happen if using a constant string each + # time. only happens with the specific implementation below. +- #TODO: on systems with limited color settings, this +- # makes the background look like random characters ++ #TODO: on systems with limited color settings, this ++ # makes the background look like random characters + random_string = ("%02x" % random.randint(0,100)) * (raw_width-2) + self.stdscr.addstr(top + 1 + y, left, random_string, curses.color_pair(self.BLACK)) + +@@ -709,7 +709,7 @@ class Gui: + + def get_cpu_info(): + cpu_path = "/proc/cpuinfo" +- if platform.system == "FreeBSD": ++ if platform.system() == "FreeBSD": + cpu_path = "/compat/linux%s" % cpu_path + with open(cpu_path, "r") as f: + cpu = [l.strip() for l in f.readlines()[:7]] +@@ -790,7 +790,8 @@ def main(): + # Pick the first valid injector entry, this is not ideal but it should work fine + INJECTOR = INJECTOR[0] + print("Using injector from: %s" % INJECTOR) +- print("Injector BuildID: %s" % subprocess.check_output(['eu-readelf', '-n', INJECTOR]).split()[-1]) ++ if platform.system() != "FreeBSD": ++ print("Injector BuildID: %s" % subprocess.check_output(['eu-readelf', '-n', INJECTOR]).split()[-1]) + + + parser = argparse.ArgumentParser() +@@ -851,7 +852,7 @@ def main(): + TICK = os.path.join(OUTPUT, "tick") + LAST = os.path.join(OUTPUT, "last") + else: +- print("warning: no log output path (--out) specified, results will be recorded to %s \nManualy specify a (--out) output path if you want your results recorded elsewhere." 
% OUTPUT) ++ print("warning: no log output path (--out) specified, results will be recorded to %s \nManualy specify a (--out) output path if you want your results recorded elsewhere." % OUTPUT) + # Wait to show message to user. + time.sleep(3) + # Create /tmp directory if it does not exist already, here we use much less strict checks. Property changes on: head/security/sandsifter/files/patch-sifter.py ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/sandsifter/pkg-descr =================================================================== --- head/security/sandsifter/pkg-descr (revision 507954) +++ head/security/sandsifter/pkg-descr (revision 507955) @@ -1,12 +1,12 @@ -The sandsifter audits x86 processors for hidden instructions and +The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor; ubiquitous software bugs in disassemblers, assemblers, and emulators; flaws in enterprise hypervisors; and both benign and security-critical hardware bugs in x86 chips. Run this program under sudo so that it will use the correct directories to store its data. WWW: https://github.com/rigred/sandsifter
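Review bot: The default log location touched by the last nested hunk of files/patch-sifter.py (the `else:` branch taken when `--out` is not given) deserves a guard, because pkg-descr tells users to run the tool under sudo and the context lines suggest OUTPUT falls back to a directory under /tmp that is created with "much less strict checks". A root process writing to a predictable path in a world-writable directory can have its output redirected by a directory or symlink that another local user created beforehand. Only the tail of that branch is visible in the hunk, so how OUTPUT is built should be confirmed first. If it is a fixed name, the port patch could replace it with something like `OUTPUT = tempfile.mkdtemp(prefix="sandsifter-")`, or pkg-descr could add `Always pass --out with a directory that only root can write to.`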