File: OPENBSD-NOTES.md

unicorn-engine 2.1.4-3
## Circumventing OpenBSD 6.0's W^X Protections

OpenBSD 6.0 and above enforce data-execution prevention (DEP, or
W^X) by default, refusing to map memory as simultaneously
writeable and executable (i.e., W|X). Unicorn needs exactly such
mappings, so it fails if W^X is left in place. If you're seeing
errors like the following:
```
/home/git/unicorn >> ./sample_arm
Emulate ARM code
zsh: abort (core dumped)  ./sample_arm
```
then W^X is likely the culprit. If we run it again with ktrace
and look at the output with kdump, we see that this is indeed
the issue:
```
 82192 sample_arm CALL  mmap(0,0x800000,0x7<PROT_READ|PROT_WRITE|PROT_EXEC>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
 82192 sample_arm PSIG  SIGABRT SIG_DFL
 82192 sample_arm NAMI  "sample_arm.core"
```
Right now, we're in the /home filesystem. Let's look at its mount
options in /etc/fstab:
```
1234abcdcafef00d.g /home ffs rw,nodev,nosuid 1 2
```
If we edit the options to include `wxallowed`, appending
this after nosuid, for example, then we're golden:
```
1234abcdcafef00d.g /home ffs rw,nodev,nosuid,wxallowed 1 2
```

Note that this *does* diminish the security of your filesystem
somewhat, and so if you're particularly particular about such
things, we recommend setting up a dedicated filesystem for
any activities that require `W|X`, such as unicorn
development and testing.

In order for these changes to take effect, you will need to
reboot.

_Time passes..._

Let's try this again. There's no need to recompile unicorn or
the samples, as W^X is strictly a runtime issue.

First, we double check to see if /home has been mounted with
wxallowed:
```
/home >> mount | grep home
/dev/sd3g on /home type ffs (local, nodev, nosuid, wxallowed)
```
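The two checks used above, the kdump inspection and the `mount | grep` verification, as POSIX shell functions. This is an added example, not part of the unicorn project; the `mount` and kdump samples are constructed in the formats shown on this page, and the function names are my own.

```shell
# Added example (not the unicorn project's code): checks for the W^X failure
# mode above. Sample data is constructed in the formats shown on this page.
# Constructed `mount` output: /home carries wxallowed, /tmp does not.
SAMPLE_MOUNT='/dev/sd3a on / type ffs (local)
/dev/sd3g on /home type ffs (local, nodev, nosuid, wxallowed)
/dev/sd3d on /tmp type ffs (local, nodev, nosuid)'

# Constructed kdump excerpt: a harmless RW mapping, then the W|X request that
# the kernel answers with SIGABRT (the last two lines are from the page).
SAMPLE_KDUMP=' 82192 sample_arm CALL  mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
 82192 sample_arm CALL  mmap(0,0x800000,0x7<PROT_READ|PROT_WRITE|PROT_EXEC>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0)
 82192 sample_arm PSIG  SIGABRT SIG_DFL'

# Print the mount options of the filesystem holding $1 (`mount` output on
# stdin). The longest mount point prefixing the path wins, so
# /home/git/unicorn resolves to /home rather than /.
fs_mount_opts() {
    path=$1 best='' opts=''
    while IFS= read -r line; do
        mp=${line#*" on "}; mp=${mp%%" "*}      # mount point after "on"
        o=${line#*\(}; o=${o%\)}                # option list inside the parens
        if [ "$mp" = / ]; then ok=1
        else case "$path/" in "$mp"/*) ok=1 ;; *) ok=0 ;; esac; fi
        if [ "$ok" -eq 1 ] && [ ${#mp} -ge ${#best} ]; then best=$mp; opts=$o; fi
    done
    printf '%s\n' "$opts"
}

# Exit 0 if the filesystem holding $1 is mounted wxallowed (mount output on stdin).
fs_wxallowed() {
    case ", $(fs_mount_opts "$1")," in
        *", wxallowed,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print kdump CALL lines that request a writable+executable mapping via mmap
# or mprotect; these are the requests the W^X policy refuses.
kdump_wx_calls() {
    while IFS= read -r line; do
        case "$line" in
            *CALL*mmap\(*PROT_WRITE*PROT_EXEC*|*CALL*mprotect\(*PROT_WRITE*PROT_EXEC*)
                printf '%s\n' "$line" ;;
        esac
    done
}

# Stand-alone demo on the constructed samples.
printf '%s\n' "$SAMPLE_MOUNT" | fs_wxallowed /home/git/unicorn && echo "/home: wxallowed"
printf '%s\n' "$SAMPLE_KDUMP" | kdump_wx_calls
```

On a live system, feed `mount` and `kdump` output into the functions instead of the samples, e.g. `mount | fs_wxallowed "$(pwd)"`.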
Okay, now let's try running that sample again...
```
/home/git/unicorn/samples >> ./sample_arm
Emulate ARM code
>>> Tracing basic block at 0x10000, block size = 0x8
>>> Tracing instruction at 0x10000, instruction size = 0x4
>>> Emulation done. Below is the CPU context
>>> R0 = 0x37
>>> R1 = 0x3456
==========================
Emulate THUMB code
>>> Tracing basic block at 0x10000, block size = 0x2
>>> Tracing instruction at 0x10000, instruction size = 0x2
>>> Emulation done. Below is the CPU context
>>> SP = 0x1228
```
works fine.