From e7021ac638b1e697a2fe38914c12a8076a14fc5f Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Sun, 21 Aug 2016 18:07:55 -0700
Subject: [PATCH] prog: don't try to execute ioctl(FIFREEZE) and mknod

ioctl(FIFREEZE) renders machine dead. FIFREEZE is an interesting thing, and we could test it in namespace (?) or on manually mounted file systems (?). But that will require more complex handling. Disable it until we have that logic. mknod of char/block devices can do all kinds of nasty stuff (read/write to IO ports, kernel memory, etc). Disable it for now.
---
 prog/analysis.go | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)

diff --git a/prog/analysis.go b/prog/analysis.go
index c699f3a9..100c2feb 100644
--- a/prog/analysis.go
+++ b/prog/analysis.go
@@ -247,34 +247,30 @@ func sanitizeCall(c *Call) {
 if flags.Val&MREMAP_MAYMOVE != 0 {
 flags.Val |= MREMAP_FIXED
 }
- // not required if executor drops privileges
- /*
- case "mknod":
- mode := c.Args[1]
- if mode.Kind != ArgConst {
- panic("mknod mode is not const")
- }
- // Char and block devices read/write io ports, kernel memory and do other nasty things.
- if mode.Val != S_IFREG && mode.Val != S_IFIFO && mode.Val != S_IFSOCK {
- mode.Val = S_IFIFO
- }
- */
+ case "mknod":
+ mode := c.Args[1]
+ if mode.Kind != ArgConst {
+ panic("mknod mode is not const")
+ }
+ // Char and block devices read/write io ports, kernel memory and do other nasty things.
+ // TODO: not required if executor drops privileges.
+ if mode.Val != S_IFREG && mode.Val != S_IFIFO && mode.Val != S_IFSOCK {
+ mode.Val = S_IFIFO
+ }
 case "syslog":
 cmd := c.Args[0]
 // These disable console output, but we need it.
 if cmd.Val == SYSLOG_ACTION_CONSOLE_OFF || cmd.Val == SYSLOG_ACTION_CONSOLE_ON {
 cmd.Val = SYSLOG_ACTION_SIZE_UNREAD
 }
- // not required if executor drops privileges
- /*
- case "ioctl":
- cmd := c.Args[1]
- // Freeze kills machine. Though, it is an interesting functions,
- // so we need to test it somehow (TODO).
- if uint32(cmd.Val) == uint32(FIFREEZE) {
- cmd.Val = FITHAW
- }
- */
+ case "ioctl":
+ cmd := c.Args[1]
+ // Freeze kills machine. Though, it is an interesting functions,
+ // so we need to test it somehow.
+ // TODO: not required if executor drops privileges.
+ if uint32(cmd.Val) == uint32(FIFREEZE) {
+ cmd.Val = FITHAW
+ }
 case "ptrace":
 // PTRACE_TRACEME leads to unkillable processes, see:
 // https://groups.google.com/forum/#!topic/syzkaller/uGzwvhlCXAw
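Review bot: The re-enabled `case "mknod":` guard matches only that one call name, so a `mknodat` call, if the syscall descriptions include one, would still reach the executor with a char or block device mode. Consider `case "mknod", "mknodat":`, reading the mode from `c.Args[2]` for the latter because mknodat takes the directory fd first. The test `mode.Val != S_IFREG && mode.Val != S_IFIFO && mode.Val != S_IFSOCK` also compares the whole mode word, so a regular-file type ORed with permission bits is rewritten to a bare `S_IFIFO`. That fails closed, but comparing only the file-type bits would leave harmless modes as generated. In the `ioctl` case `cmd.Kind` is not checked the way the mknod case checks `mode.Kind`, and sanitizeCall starts before and continues after this hunk, so handling elsewhere cannot be ruled out from here.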