#!/bin/bash
# written by jhertz
# 

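# Print usage and exit. Any of -h / -hh / --help is accepted; the script takes
# no other options. [[ ]] replaces the deprecated `test ... -o ...` form and
# "$0" is quoted so a script path containing spaces prints intact.
if [[ "$1" == "-h" || "$1" == "-hh" || "$1" == "--help" ]]; then
  echo 'afl-persistent-config'
  echo
  echo "$0"
  echo
  echo "afl-persistent-config has no command line options"
  echo
  echo "afl-persistent-config permanently reconfigures the system to a high performance fuzzing state."
  echo "WARNING: this reduces the security of the system!"
  echo
  echo "Note that there is also afl-system-config which sets additional runtime"
  echo "configuration options."
  exit 0
fi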

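# Reject any remaining arguments: there are no options besides the help flags.
# "$*" joins the arguments into one word for the message (a quoted "$@" inside
# a string splits it into several words, SC2145); diagnostics go to stderr.
if (( $# != 0 )); then
  printf 'ERROR: Unknown option(s): %s\n' "$*" >&2
  exit 1
fi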

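# Interactive confirmation. The changes made below are permanent, so require
# the literal answer "YES" on stdin before doing anything else.
echo
echo "WARNING: This scripts makes permanent configuration changes to the system to"
echo "         increase the performance for fuzzing. As a result, the system also"
echo "         becomes less secure against attacks! If you use this script, setup"
echo "         strong firewall rules and only make SSH available as a network"
echo "         service!"
echo
# printf instead of `echo -n`: echo's -n handling is not portable.
printf 'Type "YES" to continue: '
# -r keeps backslashes in the answer literal; on a closed stdin read fails,
# ANSWER stays empty and the script aborts below.
read -r ANSWER
if [[ "$ANSWER" != "YES" ]]; then
  echo "Input was not YES, aborting ..."
  exit 1
fi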

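echo
# Detect OS and CPU architecture; the platform-specific sections that follow
# key off these two values. $(...) replaces the older backtick form.
PLATFORM=$(uname -s)
ARCH=$(uname -m)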

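# macOS branch: install a LaunchDaemon that sets the kern.sysv.shm* limits at
# boot (RunAtLoad) and, on x86_64, disable ASLR system wide through the nvram
# boot-args. Requires root and System Integrity Protection disabled.
if [[ "$PLATFORM" == "Darwin" ]]; then

  # check if UID == 0
  if [[ "$EUID" -ne 0 ]]; then
    echo "You need to be root to do this. E.g. use \"sudo\"" >&2
    exit 1
  fi

  # check if SIP is disabled: `csrutil status` is expected to mention
  # "disabled" when it is; grep -q replaces the [[ ! $(...) ]] output test
  if ! csrutil status | grep -q "disabled"; then
    echo "SIP needs to be disabled. Restart and press Command-R at reboot, Utilities => Terminal => enter \"csrutil disable\"" >&2
    exit 1
  fi

  echo "Checks passed."

  PLIST=/Library/LaunchDaemons/shm_setup.plist
  echo "Installing $PLIST"

  # A failed write (e.g. read-only volume) must not be reported as success.
  # The delimiter is quoted because the plist contains nothing to expand.
  cat << 'EOF' > "$PLIST" || { echo "Error: could not write $PLIST" >&2; exit 1; }
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>shmemsetup</string>
    <key>UserName</key>
    <string>root</string>
    <key>GroupName</key>
    <string>wheel</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/sbin/sysctl</string>
      <string>-w</string>
      <string>kern.sysv.shmmax=524288000</string>
      <string>kern.sysv.shmmin=1</string>
      <string>kern.sysv.shmmni=128</string>
      <string>kern.sysv.shmseg=48</string>
      <string>kern.sysv.shmall=131072000</string>
    </array>
    <key>KeepAlive</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
  </dict>
</plist>
EOF

  if [[ "$ARCH" == "x86_64" ]]; then
    echo "Disabling ASLR system wide"
    # NOTE(review): this assigns boot-args outright, replacing any value that
    # was already set rather than appending to it — confirm that is intended.
    nvram boot-args="no_aslr=1" || { echo "Error: could not set nvram boot-args" >&2; exit 1; }
  else
    echo "NOTICE: on ARM64 we do not know currently how to disable system wide ASLR, please report if you know how."
  fi

  echo
  echo "Reboot and enjoy your fuzzing"
  exit 0
fi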

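# Linux branch: install a sysctl fragment (ASLR off, plain core file names,
# scheduler tuning) and extend GRUB_CMDLINE_LINUX_DEFAULT with boot options
# that switch off CPU vulnerability mitigations. Requires root. Both steps are
# best-effort and independent: a missing directory or grub file is reported
# but does not stop the other step.
if [[ "$PLATFORM" == "Linux" ]]; then

  # check if UID == 0
  if [[ "$EUID" -ne 0 ]]; then
    echo "You need to be root to do this. E.g. use \"sudo\"" >&2
    exit 1
  fi

  echo "Checks passed."

  SYSCTL_CONF=/etc/sysctl.d/99-fuzzing.conf
  if [[ ! -d /etc/sysctl.d ]]; then
    echo "Error: /etc/sysctl.d directory not found, cannot install shmem config" >&2
  elif [[ ! -e "$SYSCTL_CONF" ]]; then
    # an existing file is left untouched (re-runs are a no-op here)
    echo "Installing $SYSCTL_CONF"
    cat << 'EOF' > "$SYSCTL_CONF" || { echo "Error: could not write $SYSCTL_CONF" >&2; exit 1; }
kernel.core_uses_pid=0
kernel.core_pattern=core
kernel.randomize_va_space=0
kernel.sched_child_runs_first=1
kernel.sched_autogroup_enabled=1
kernel.sched_migration_cost_ns=50000000
kernel.sched_latency_ns=250000000
EOF
  fi

  GRUB_DEFAULT=/etc/default/grub
  if ! grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' "$GRUB_DEFAULT" 2>/dev/null; then
    echo "Error: /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT is not present, cannot set boot options" >&2
  # 'noibrs pcid nopti' serves as the marker that the options were already added
  elif ! grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' "$GRUB_DEFAULT" | grep -E -q 'noibrs pcid nopti'; then
    echo "Configuring performance boot options"
    # current value with the surrounding double quotes stripped
    LINE=$(grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' "$GRUB_DEFAULT" | sed 's/^GRUB_CMDLINE_LINUX_DEFAULT=//' | tr -d '"')
    # option list kept verbatim (it carries a couple of duplicates such as
    # mitigations=off and tsx=on; the kernel tolerates repeated parameters)
    OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off"
    echo "Setting boot options in /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\""
    # Escape \, & and the | delimiter: they are special in the sed replacement,
    # so an existing cmdline containing one of them would otherwise corrupt the
    # edit instead of being carried over unchanged.
    SED_OPTIONS=$(printf '%s' "$OPTIONS" | sed 's/[\\&|]/\\&/g')
    sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$SED_OPTIONS\"|" "$GRUB_DEFAULT" \
      || { echo "Error: could not update $GRUB_DEFAULT" >&2; exit 1; }
    # NOTE(review): only /etc/default/grub is edited; the boot loader config
    # still has to be regenerated (e.g. update-grub / grub2-mkconfig) before
    # the options apply — confirm whether that step belongs here.
  fi

  echo
  echo "Reboot and enjoy your fuzzing"
  exit 0
fi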



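# Neither of the supported platforms matched above: report and fail. The
# message goes to stderr and the value is passed as a printf argument, never
# as part of the format string.
printf 'Error: Unknown platform "%s", currently supported are Linux and MacOS.\n' "$PLATFORM" >&2
exit 1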