This commit supports inclusive ranged ints, like foo int32[-10~10], which will
generate a random integer between -10 and 10. In the future we will support more than
one range, like int32[0, -5~10, 50, 100~200]
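The parsing and generation that the commit message describes, as an added example in Go (the project's language); this is not syzkaller's own code. It goes slightly beyond the commit: besides the single range that is supported, it accepts the comma-separated list given as future work, rejects reversed ranges and bounds that do not fit the base type's width (the width assumed for intptr is 64 bits), and then draws values from the parsed ranges. Type names, function names and the regexp are this example's own assumptions.

```go
package main

import (
	"fmt"
	"math/rand"
	"regexp"
	"strconv"
	"strings"
)

// IntRange is one inclusive [Min, Max] range taken from a type such as int32[-10~10].
type IntRange struct {
	Min, Max int64
}

// rangedIntRe matches "<base int type>[<range list>]" (assumed syntax).
var rangedIntRe = regexp.MustCompile(`^(int8|int16|int32|int64|intptr)\[(.+)\]$`)

// intBits gives the width of each base type; intptr is assumed to be 64 bits here.
var intBits = map[string]uint{"int8": 8, "int16": 16, "int32": 32, "int64": 64, "intptr": 64}

// ParseRangedInt parses a ranged int type into its base type and inclusive ranges.
// A bare value such as "50" is treated as the one-element range 50~50.
func ParseRangedInt(spec string) (string, []IntRange, error) {
	m := rangedIntRe.FindStringSubmatch(strings.TrimSpace(spec))
	if m == nil {
		return "", nil, fmt.Errorf("not a ranged int type: %q", spec)
	}
	typ, bits := m[1], intBits[m[1]]
	var ranges []IntRange
	for _, part := range strings.Split(m[2], ",") {
		lo, hi := strings.TrimSpace(part), strings.TrimSpace(part)
		// A leading '-' belongs to the number, so the first '~' is always the separator.
		if i := strings.Index(part, "~"); i >= 0 {
			lo, hi = strings.TrimSpace(part[:i]), strings.TrimSpace(part[i+1:])
		}
		from, err := strconv.ParseInt(lo, 10, 64)
		if err != nil {
			return "", nil, fmt.Errorf("bad range bound %q in %q: %v", lo, spec, err)
		}
		to, err := strconv.ParseInt(hi, 10, 64)
		if err != nil {
			return "", nil, fmt.Errorf("bad range bound %q in %q: %v", hi, spec, err)
		}
		if from > to {
			return "", nil, fmt.Errorf("reversed range %d~%d in %q", from, to, spec)
		}
		// Reject bounds the base type cannot hold, e.g. int8[-200~10].
		if bits < 64 {
			lim := int64(1) << (bits - 1)
			if from < -lim || to >= lim {
				return "", nil, fmt.Errorf("range %d~%d does not fit %s", from, to, typ)
			}
		}
		ranges = append(ranges, IntRange{Min: from, Max: to})
	}
	return typ, ranges, nil
}

// GenerateInRanges picks one of the ranges uniformly, then a value uniformly
// inside it, so each listed range is equally likely regardless of its width.
func GenerateInRanges(r *rand.Rand, ranges []IntRange) int64 {
	rg := ranges[r.Intn(len(ranges))]
	// Width computed in uint64 so int64's full span does not overflow; a span
	// of 0 means the range wrapped all the way round, i.e. every int64 value.
	span := uint64(rg.Max-rg.Min) + 1
	if span == 0 {
		return int64(r.Uint64())
	}
	return rg.Min + int64(r.Uint64()%span) // modulo bias is negligible for fuzzing
}

// InRanges reports whether v lies inside one of the ranges.
func InRanges(ranges []IntRange, v int64) bool {
	for _, rg := range ranges {
		if v >= rg.Min && v <= rg.Max {
			return true
		}
	}
	return false
}

func main() {
	typ, ranges, err := ParseRangedInt("int32[0, -5~10, 50, 100~200]")
	if err != nil {
		panic(err)
	}
	r := rand.New(rand.NewSource(1))
	for i := 0; i < 5; i++ {
		fmt.Printf("%s -> %d\n", typ, GenerateInRanges(r, ranges))
	}
}
```

Choosing the range first and the value second keeps narrow special values like 0 or 50 from being drowned out by a wide neighbouring range, which is usually what one wants from an interesting-values list.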
Type "none" in config tells the manager not to manage any VMs,
and just manage the corpus (it still serves RPCs).
This is useful when something else manages the VMs
and starts fuzzer processes on them.
The new namespace-based sandboxing is good,
but it's not always what one wants
(and also requires special kernel configs).
Change dropprivs config value to sandbox,
which can have different values (currently: none, setuid, namespace).
Setuid mode uses setuid(nobody) before fuzzing as before.
In future we can add more sandboxing modes or, say,
extend -sandbox=setuid to -sandbox=setuid:johndoe
to impersonate the given user.
When executors send coverage data to the manager, they clamp the addresses
of covered blocks to 32 bits. The manager uses RestorePC() to restore the original
addresses.
Previously, RestorePC() assumed that the upper 4 bytes of a kernel code
address were 0xffffffff, which is not so on Android.
Instead we now parse `readelf -SW vmlinux` output to obtain the upper bytes of
the PROGBITS section VMAs, in case those VMAs are non-zero. We assume that
the upper 4 bytes are the same for every section.
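The parsing step described above, as an added Go example that is not syzkaller's code. The `readelf -SW` text it parses is constructed sample output shaped like an Android arm64 kernel, where code sits at 0xffffff80........ rather than 0xffffffff........; the function and constant names are this example's own. It also turns the "same upper 4 bytes for every section" assumption into an explicit check, which is the caveat a practitioner would want when the kernel maps PROGBITS sections in more than one region.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// readelfARM64 is constructed sample output in the shape of `readelf -SW vmlinux`
// for an arm64 Android kernel. Only the Type and Address columns matter here.
const readelfARM64 = `There are 5 section headers, starting at offset 0x1000:

Section Headers:
  [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            0000000000000000 000000 000000 00      0   0  0
  [ 1] .head.text        PROGBITS        ffffff8008080000 010000 001000 00  AX  0   0  4
  [ 2] .text             PROGBITS        ffffff8008081000 011000 8ab7a4 00  AX  0   0 2048
  [ 3] .rodata           PROGBITS        ffffff8008930000 8c0000 2a1b10 00   A  0   0 4096
  [ 4] .bss              NOBITS          ffffff8009000000 b00000 0c0000 00  WA  0   0 4096
Key to Flags:
  W (write), A (alloc), X (execute)
`

// UpperPCBytes parses `readelf -SW` output and returns the upper 32 bits shared
// by every PROGBITS section with a non-zero address. It fails if two such
// sections disagree, because RestorePC below relies on a single value.
func UpperPCBytes(readelfOut string) (uint32, error) {
	var upper uint32
	found := false
	sc := bufio.NewScanner(strings.NewReader(readelfOut))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		// "[ 1]" splits into two fields, so find the Type column by value
		// rather than by position; Address is the field right after it.
		idx := -1
		for i, s := range f {
			if s == "PROGBITS" {
				idx = i
				break
			}
		}
		if idx < 0 || idx+1 >= len(f) {
			continue
		}
		addr, err := strconv.ParseUint(f[idx+1], 16, 64)
		if err != nil {
			return 0, fmt.Errorf("bad section address %q: %v", f[idx+1], err)
		}
		hi := uint32(addr >> 32)
		if hi == 0 {
			continue // the commit only uses sections whose VMA is non-zero
		}
		if found && hi != upper {
			return 0, fmt.Errorf("PROGBITS sections disagree on upper bytes: %#x vs %#x", upper, hi)
		}
		upper, found = hi, true
	}
	if err := sc.Err(); err != nil {
		return 0, err
	}
	if !found {
		return 0, fmt.Errorf("no PROGBITS section with a non-zero address")
	}
	return upper, nil
}

// ClampPC mimics what the executor sends: the low 32 bits of a covered address.
func ClampPC(pc uint64) uint32 {
	return uint32(pc)
}

// RestorePC reverses ClampPC using the upper bytes recovered from vmlinux.
func RestorePC(pc32 uint32, upper uint32) uint64 {
	return uint64(upper)<<32 | uint64(pc32)
}

func main() {
	upper, err := UpperPCBytes(readelfARM64)
	if err != nil {
		panic(err)
	}
	pc := uint64(0xffffff8008080100)
	fmt.Printf("upper=%#x clamped=%#x restored=%#x\n", upper, ClampPC(pc), RestorePC(ClampPC(pc), upper))
}
```

The old hard-coded 0xffffffff would have turned the clamped 0x08080100 into 0xffffffff08080100 on this kernel, a non-existent address, so symbolization and coverage reports would silently point nowhere.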
Kmemleak has false positives. To mitigate most of them, it checksums
potentially leaked objects, and reports them only on the next scan
iff the checksum does not change. Because of that we do the following
intricate dance:
Scan, sleep, scan again. At this point we can get some leaks.
If there are leaks, we sleep and scan again, this can remove
false leaks. Then, read kmemleak again. If we get leaks now, then
hopefully these are true positives during the previous testing cycle.
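The scan/sleep/scan sequence described above, as an added Go example that is not syzkaller's code. The `Kmemleak` interface, the sleep interval and the fake are this example's assumptions; the fake models kmemleak's checksum rule (an object is reported at a scan only if it also looked unreferenced at the previous scan) with a constructed per-scan schedule so the second pass can be seen to drop a transient false positive while keeping a real leak. The debugfs-backed implementation uses the real kmemleak interface, where writing "scan" to /sys/kernel/debug/kmemleak triggers a scan and reading the file returns the reports.

```go
package main

import (
	"fmt"
	"os"
	"sort"
	"strings"
	"time"
)

// Kmemleak abstracts the debugfs file: Scan triggers a scan, Read returns the
// currently reported leaks, one entry per "unreferenced object" record.
type Kmemleak interface {
	Scan() error
	Read() ([]string, error)
}

// debugfsKmemleak talks to the real /sys/kernel/debug/kmemleak (needs root).
type debugfsKmemleak struct{ path string }

func (d debugfsKmemleak) Scan() error {
	return os.WriteFile(d.path, []byte("scan"), 0)
}

func (d debugfsKmemleak) Read() ([]string, error) {
	data, err := os.ReadFile(d.path)
	if err != nil {
		return nil, err
	}
	var leaks []string
	for _, rec := range strings.Split(string(data), "unreferenced object")[1:] {
		leaks = append(leaks, "unreferenced object"+strings.TrimRight(rec, "\n"))
	}
	return leaks, nil
}

// CollectLeaks performs the dance from the commit message: scan, sleep, scan,
// read; and only if something was reported, sleep, scan and read once more so
// that candidates which became referenced (or freed) meanwhile disappear.
func CollectLeaks(k Kmemleak, sleep func()) ([]string, error) {
	if err := k.Scan(); err != nil {
		return nil, err
	}
	sleep()
	if err := k.Scan(); err != nil {
		return nil, err
	}
	leaks, err := k.Read()
	if err != nil || len(leaks) == 0 {
		return nil, err
	}
	sleep()
	if err := k.Scan(); err != nil {
		return nil, err
	}
	return k.Read()
}

// fakeKmemleak is a constructed stand-in. Each object has a schedule saying
// whether it looks unreferenced at scan i (the last entry repeats forever);
// it is reported at scan N only if unreferenced at both scan N-1 and scan N,
// mirroring the unchanged-checksum rule.
type fakeKmemleak struct {
	objects map[string][]bool
	scans   int
}

// NewFakeKmemleak builds a scenario with one real leak, one transient false
// positive that gets referenced again before the third scan, and a live object.
func NewFakeKmemleak() *fakeKmemleak {
	return &fakeKmemleak{objects: map[string][]bool{
		"true_leak": {true},
		"transient": {true, true, false},
		"alive":     {false},
	}}
}

func (f *fakeKmemleak) Scan() error {
	f.scans++
	return nil
}

func (f *fakeKmemleak) Read() ([]string, error) {
	var leaks []string
	for name, sched := range f.objects {
		if f.scans >= 2 && at(sched, f.scans-2) && at(sched, f.scans-1) {
			leaks = append(leaks, name)
		}
	}
	sort.Strings(leaks)
	return leaks, nil
}

func at(sched []bool, i int) bool {
	if i < len(sched) {
		return sched[i]
	}
	return sched[len(sched)-1]
}

func main() {
	var k Kmemleak = NewFakeKmemleak()
	sleep := func() { time.Sleep(100 * time.Millisecond) }
	if _, err := os.Stat("/sys/kernel/debug/kmemleak"); err == nil {
		k = debugfsKmemleak{path: "/sys/kernel/debug/kmemleak"}
		sleep = func() { time.Sleep(5 * time.Second) } // interval is an assumption
	}
	leaks, err := CollectLeaks(k, sleep)
	fmt.Println(leaks, err)
}
```

With the fake, the first read after the second scan reports both true_leak and transient; the extra sleep-and-scan pass drops transient because it is referenced again by the third scan, and only true_leak survives. The second pass is skipped entirely when the first read is empty, which is why the quiet case costs only two scans.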
When regenerating system call tables, cope with a local kernel tree where
the kernel has been built into a separate directory (with `make O=...`) rather
than inline.
So:
- LINUX makefile var / -linux command line option gives the location of the source tree
- LINUXBLD makefile var / -linuxbld command line option gives the location of the
built kernel
This patch sets the ssh loglevel to error to avoid noisy warnings, specifically
known host errors like:
Warning: Permanently added '[localhost]:1569' (ECDSA) to the list of known hosts.
Previously this appeared at the top of every crash report.