Created
October 8, 2018 03:25
Reference Monitor
""" | |
This security layer inadequately handles A/B storage for files in RepyV2. | |
Note: | |
This security layer uses encasementlib.r2py, restrictions.default, repy.py and Python | |
Also you need to give it an application to run. | |
python repy.py restrictions.default encasementlib.r2py [security_layer].r2py [attack_program].r2py | |
""" | |
# Key names used when describing an entry in a context definition
# (see the CHILD_CONTEXT_DEF registration at the bottom of this file).
TYPE = "type"
ARGS = "args"
EXCP = "exceptions"
RETURN = "return"
TARGET = "target"

# Values stored under the TYPE key: a plain function or an object constructor.
FUNC = "func"
OBJC = "objc"
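class ABFile():
    """File object with A/B storage, handed to sandboxed code by ABopenfile.

    Reads are served from `<filename>.a` and writes go to `<filename>.b`.
    On close, the B contents replace A only if they start with 'S' and end
    with 'E'; otherwise B is discarded and A is left as it was.

    A single lock serialises readat, writeat and close. close() swaps and
    closes the underlying handles, so a read or write running concurrently
    in another thread must not be able to interleave with it.
    """

    def __init__(self, filename, create):
        """Open (or create) the A and B files backing `filename`.

        NOTE(review): `create` is accepted but never consulted; a missing
        A or B file is always created. Confirm whether create=False should
        instead fail for a file that does not exist.
        """
        self.lock = createlock()
        mycontext['debug'] = False

        self.Afn = filename + '.a'
        self.Bfn = filename + '.b'

        # Take one snapshot of the directory so both existence checks see
        # the same state.
        existing = listfiles()

        if self.Afn in existing:
            self.Afile = openfile(self.Afn, False)
        else:
            self.Afile = openfile(self.Afn, True)
            # A brand-new backup starts out as the smallest valid file.
            self.Afile.writeat('SE', 0)

        # NOTE(review): an existing B file is reused with whatever it already
        # contains, and a new B file starts empty rather than as a copy of A.
        # Confirm that this is the intended starting state for writes.
        if self.Bfn in existing:
            self.Bfile = openfile(self.Bfn, False)
        else:
            self.Bfile = openfile(self.Bfn, True)

    def writeat(self, data, offset):
        """Write `data` at `offset` into the B (pending) file."""
        self.lock.acquire(True)
        try:
            self.Bfile.writeat(data, offset)
        finally:
            self.lock.release()

    def readat(self, bytes, offset):
        """Return up to `bytes` characters from the A (backup) file at `offset`."""
        self.lock.acquire(True)
        try:
            return self.Afile.readat(bytes, offset)
        finally:
            self.lock.release()

    def close(self):
        """Promote B to A if B is valid, then close both files and remove B."""
        self.lock.acquire(True)
        try:
            b_contents = self.Bfile.readat(None, 0)
            if self.b_is_valid(b_contents):
                # write_b_to_a closes the A handle when it is done.
                self.write_b_to_a(b_contents)
            else:
                # B is rejected: A keeps its contents, but its handle must
                # still be released or the file stays open after close().
                self.Afile.close()
            self.remove_b()
        finally:
            self.lock.release()

    def b_is_valid(self, b_contents):
        """Return True when `b_contents` starts with 'S' and ends with 'E'."""
        return (len(b_contents) > 0
                and b_contents[0] == 'S'
                and b_contents[-1] == 'E')

    def write_b_to_a(self, b_contents):
        """Replace the contents of A with `b_contents` and close A.

        Called from close() with the lock already held.

        NOTE(review): A is removed before the new contents are written, so
        an interruption between those two steps leaves no valid backup.
        """
        self.reset_a()
        self.Afile.writeat(b_contents, 0)
        self.Afile.close()

    def reset_a(self):
        """Delete A and reopen it as an empty file."""
        self.remove_a()
        self.Afile = openfile(self.Afn, True)

    def remove_a(self):
        """Close the A handle and delete the A file."""
        self.Afile.close()
        removefile(self.Afn)

    def remove_b(self):
        """Close the B handle and delete the B file."""
        self.Bfile.close()
        removefile(self.Bfn)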
def ABopenfile(filename, create):
    """Build the ABFile wrapper for `filename`; both arguments are forwarded as given."""
    ab_file = ABFile(filename, create)
    return ab_file
# The code here sets up type checking and variable hiding for you. You | |
# should not need to change anything below here. | |
# Describes the ABFile object returned by ABopenfile: for each exposed method,
# the accepted argument types, the permitted exceptions, the return types and
# the implementation to call.
sec_file_def = {
    "obj-type": ABFile,
    "name": "ABFile",
    "writeat": {
        "type": "func",
        "args": (str, (int, long)),
        "exceptions": Exception,
        "return": (int, type(None)),
        "target": ABFile.writeat,
    },
    "readat": {
        "type": "func",
        "args": ((int, long, type(None)), (int, long)),
        "exceptions": Exception,
        "return": str,
        "target": ABFile.readat,
    },
    "close": {
        "type": "func",
        "args": None,
        "exceptions": None,
        "return": (bool, type(None)),
        "target": ABFile.close,
    },
}

# Register ABopenfile in the child context as an object constructor that
# takes (str, bool) and returns an object described by sec_file_def.
CHILD_CONTEXT_DEF["ABopenfile"] = {
    TYPE: OBJC,
    ARGS: (str, bool),
    EXCP: Exception,
    RETURN: sec_file_def,
    TARGET: ABopenfile,
}

# Hand control to the user program.
secure_dispatch_module()