diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2015-11-18 16:30:29 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2015-11-18 16:30:29 +0100 |
| commit | be856bc9e484b4ce3fac847b768fbdb95296f178 (patch) | |
| tree | 5a6660826dc921b6e5c0082c5e2d2d139da5dcf6 | |
| parent | 016b19c61cd83fcf2fb990267b38a3231a5e70a7 (diff) | |
allow local vm to not call setuid (not necessary if started not under root)
| -rw-r--r-- | fuzzer/fuzzer.go | 20 | ||||
| -rw-r--r-- | vm/local/local.go | 2 |
2 files changed, 13 insertions, 9 deletions
diff --git a/fuzzer/fuzzer.go b/fuzzer/fuzzer.go index cdcbcfca6..039030a88 100644 --- a/fuzzer/fuzzer.go +++ b/fuzzer/fuzzer.go @@ -29,13 +29,14 @@ import ( ) var ( - flagName = flag.String("name", "", "unique name for manager") - flagExecutor = flag.String("executor", "", "path to executor binary") - flagManager = flag.String("manager", "", "manager rpc address") - flagStrace = flag.Bool("strace", false, "run executor under strace") - flagSaveProg = flag.Bool("saveprog", false, "save programs into local file before executing") - flagSyscalls = flag.String("calls", "", "comma-delimited list of enabled syscall IDs (empty string for all syscalls)") - flagNoCover = flag.Bool("nocover", false, "disable coverage collection/handling") + flagName = flag.String("name", "", "unique name for manager") + flagExecutor = flag.String("executor", "", "path to executor binary") + flagManager = flag.String("manager", "", "manager rpc address") + flagStrace = flag.Bool("strace", false, "run executor under strace") + flagSaveProg = flag.Bool("saveprog", false, "save programs into local file before executing") + flagSyscalls = flag.String("calls", "", "comma-delimited list of enabled syscall IDs (empty string for all syscalls)") + flagNoCover = flag.Bool("nocover", false, "disable coverage collection/handling") + flagDropPrivs = flag.Bool("dropprivs", true, "impersonate into nobody") flagV = flag.Int("v", 0, "verbosity") ) @@ -102,13 +103,16 @@ func main() { } ct = prog.BuildChoiceTable(r.Prios, calls) - flags := ipc.FlagThreaded | ipc.FlagCollide | ipc.FlagDropPrivs + flags := ipc.FlagThreaded | ipc.FlagCollide if *flagStrace { flags |= ipc.FlagStrace } if !*flagNoCover { flags |= ipc.FlagCover | ipc.FlagDedupCover } + if *flagDropPrivs { + flags |= ipc.FlagDropPrivs + } env, err := ipc.MakeEnv(*flagExecutor, 10*time.Second, flags) if err != nil { panic(err) diff --git a/vm/local/local.go b/vm/local/local.go index 0d4303e89..7af7b2c70 100644 --- a/vm/local/local.go +++ b/vm/local/local.go @@ -73,7 +73,7 @@ func (loc *local) Run() { log.Printf("%v: started\n", name) for run := 0; ; run++ { cmd := exec.Command(loc.Fuzzer, "-name", name, "-saveprog", "-executor", loc.Executor, - "-manager", fmt.Sprintf("localhost:%v", loc.mgrPort)) + "-manager", fmt.Sprintf("localhost:%v", loc.mgrPort), "-dropprivs=0") if loc.syscalls != "" { cmd.Args = append(cmd.Args, "-calls="+loc.syscalls) } |