-
Notifications
You must be signed in to change notification settings - Fork 182
Expand file tree
/
Copy pathmacos.rs
More file actions
98 lines (90 loc) · 3.79 KB
/
macos.rs
File metadata and controls
98 lines (90 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
use std::{
convert::Infallible,
ffi::OsStr,
os::unix::ffi::{OsStrExt, OsStringExt},
path::{Path, absolute},
};
use bstr::ByteSlice;
use phf::{Set, phf_set};
use crate::{
exec::{Exec, ensure_env},
payload::{EncodedPayload, PAYLOAD_ENV_NAME},
};
pub struct PreExec(Infallible);
impl PreExec {
/// Runs pre-exec operations
///
/// # Errors
///
/// This function never returns an error as the type is `Infallible`
pub fn run(&self) -> nix::Result<()> {
match self.0 {}
}
}
pub fn handle_exec(
command: &mut Exec,
encoded_payload: &EncodedPayload,
) -> nix::Result<Option<PreExec>> {
if command.program.first() != Some(&b'/') {
let program =
absolute(OsStr::from_bytes(&command.program)).expect("Failed to get absolute path");
command.program = program.into_os_string().into_vec().into();
}
let program_path = Path::new(OsStr::from_bytes(&command.program));
let injectable = if let (Some(parent), Some(file_name)) =
(program_path.parent(), program_path.file_name())
{
// Exclude Chrome and Chromium-based browsers
if file_name.as_bytes().windows(6).any(|w| w == b"Chrome" || w == b"chrome")
|| file_name.as_bytes().windows(8).any(|w| w == b"Chromium" || w == b"chromium")
|| command.program.contains_str("Google Chrome")
|| command.program.contains_str("Chromium")
{
false
} else if matches!(parent.as_os_str().as_bytes(), b"/bin" | b"/usr/bin") {
let fixtures = &encoded_payload.payload.fixtures;
if matches!(file_name.as_bytes(), b"sh" | b"bash") {
command.program = fixtures.bash_path.as_bytes().into();
true
} else if COREUTILS_FUNCTIONS.contains(file_name.as_bytes()) {
command.program = fixtures.coreutils_path.as_bytes().into();
true
} else {
false
}
} else {
true
}
} else {
true
};
const DYLD_INSERT_LIBRARIES: &[u8] = b"DYLD_INSERT_LIBRARIES";
if injectable {
ensure_env(
&mut command.envs,
DYLD_INSERT_LIBRARIES,
encoded_payload.payload.preload_path.as_bytes(),
)?;
ensure_env(&mut command.envs, PAYLOAD_ENV_NAME, &encoded_payload.encoded_string)?;
} else {
command.envs.retain(|(name, _)| {
name != DYLD_INSERT_LIBRARIES && name != PAYLOAD_ENV_NAME.as_bytes()
});
}
Ok(None)
}
pub static COREUTILS_FUNCTIONS: Set<&'static [u8]> = phf_set! {
b"[", b"arch", b"b2sum", b"b3sum", b"base32", b"base64", b"basename", b"basenc",
b"cat", b"chgrp", b"chmod", b"chown", b"chroot", b"cksum", b"comm", b"cp", b"csplit",
b"cut", b"date", b"dd", b"df", b"dir", b"dircolors", b"dirname", b"du", b"echo", b"env",
b"expand", b"expr", b"factor", b"false", b"fmt", b"fold", b"groups", b"hashsum", b"head",
b"hostid", b"hostname", b"id", b"install", b"join", b"kill", b"link", b"ln", b"logname",
b"ls", b"md5sum", b"mkdir", b"mkfifo", b"mknod", b"mktemp", b"more", b"mv", b"nice", b"nl",
b"nohup", b"nproc", b"numfmt", b"od", b"paste", b"pathchk", b"pinky", b"pr", b"printenv",
b"printf", b"ptx", b"pwd", b"readlink", b"realpath", b"rm", b"rmdir", b"seq", b"sha1sum",
b"sha224sum", b"sha256sum", b"sha3-224sum", b"sha3-256sum", b"sha3-384sum", b"sha3-512sum",
b"sha384sum", b"sha3sum", b"sha512sum", b"shake128sum", b"shake256sum", b"shred", b"shuf",
b"sleep", b"sort", b"split", b"stat", b"stdbuf", b"stty", b"sum", b"sync", b"tac", b"tail",
b"tee", b"test", b"timeout", b"touch", b"tr", b"true", b"truncate", b"tsort", b"tty", b"uname",
b"unexpand", b"uniq", b"unlink", b"uptime", b"users", b"vdir", b"wc", b"who", b"whoami", b"yes",
};