dropbear: test/parent_dropbear

annotate test/parent_dropbear_map.py @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.

author	Matt Johnston <matt@ucc.asn.au>
date	Sun, 30 Jan 2022 10:14:56 +0800
parents
children	1c9215154d4a

rev	line source
1861 2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 #!/usr/bin/env python3
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 import os
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 import sys
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 import time
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 import psutil
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 from pathlib import Path
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 want_name = "dropbear"
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 # Walks up the parent process tree, prints the first line of /proc/pid/maps when
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 # it finds the wanted name
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 def main():
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 try:
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 for p in psutil.Process().parents():
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 print(p.pid, file=sys.stderr)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 print(p.name(), file=sys.stderr)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 print(p.cmdline(), file=sys.stderr)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 if want_name in p.name():
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 with (Path('/proc') / str(p.pid) / "maps").open() as f:
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 map0 = f.readline().rstrip()
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 print(map0)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 return
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 raise RuntimeError(f"Couldn't find parent {want_name} process")
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 except Exception as e:
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 print(psutil.Process().parents())
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32 for p in psutil.Process().parents():
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 print(p.name())
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 print(e)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 # time.sleep(100)
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 raise
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	37
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	38 if __name__ == "__main__":
2b3a8026a6ce Add re-exec for server Matt Johnston <matt@ucc.asn.au> parents: diff changeset	39 main()

Mercurial > dropbear

annotate test/parent_dropbear_map.py @ 1861:2b3a8026a6ce