title | description | date | tags | |||
---|---|---|---|---|---|---|
my_secmalloc |
Tool that replicates malloc behavior in a secure way |
N/A |
|
C project that securely replicates malloc functionality in order to detect the exploitation of certain vulnerabilities such as double free, heap overflow or memory leak.
You'll need to check that each of these tools is installed on your device:
- git
- make
- criterion build and installed in
/usr
with its dependencies - gef and valgrind for debugging, which will be a great help if you wish to contribute to the project.
git clone git@github.com:guyb27/my_secmalloc.git
cd my_secmalloc/my_secmalloc
Then you have several options for building the project:
make static
which will give you the static librarylibmy_secmalloc.a
in the./build/lib
foldermake dynamic
, which gives you the dynamic librarylibmy_secmalloc.so
in the./build/lib
foldermake test
which gives you the test binarytest
in the./build/test
folder, it works thanks to the static libmake script
which will give you amy_secmalloc.sh
script in the./build
folder, allowing you to run a program with the allocator without having to specifyLD_PRELOAD
.make all
, which builds the two libraries and, at the same time, executes the tests by building the test binary. (actually, make all doesn't build the dynamic library in the right way. dynamic library, you'll see that the malloc, free, realloc and calloc functions aren't present, so you'll need to do a make dynamic or make clean dynamic (if lib.so has already been built) to get a working dynamic library (a patch is currently under development).
You can also directly download the libraries on our repository here!
By default, the program saves its logs in a default file named default_log.txt
. The log file is determined by the MSM_OUTPUT
environment variable, which you are free to modify.
There are two main options for using the allocator with a utility/program:
LD_PRELOAD
, which loads the dynamic library before other libraries:
LD_PRELOAD=./build/lib/libmy_secmalloc.so sl
- Use the script at
./build/my_secmalloc.sh
having been created via amake all
ormake script
which allows you to launch a program with the allocator:
./build/my_secmalloc.sh python3
The script is currently not optimized.
- If you get compilation errors, you may not have installed the necessary dependencies to compile the project. Check that you have installed the necessary dependencies to compile the project.
- If you find yourself running a
make test
and encounter a problem, make sure you've built the static library needed to run the tests. Make sure you've also installed criterion in/usr
and its dependencies. You may also need to perform amake clean static
before redoing amake test
. - At present, the solution does not allow you to run every program, so check that you have the malloc, calloc, realloc and free symbols with this command:
nm libmy_secmalloc.so | grep " T " | grep -v my_ | cut -f3 -d' ' | sort
. If you don't have these symbols, do amake clean
and then amake dynamic
. - For any other error, don't hesitate to open an issue in accordance with the given template.