Skip to content

Releases: mebeim/systrack

Systrack v0.5.1

25 Sep 13:18
5faa477
Compare
Choose a tag to compare

Improvements:

  • x86: improve x86 syscall extraction code fixing undetected CALL targets.

Internal changes:

  • x86: add some tests for syscall extraction based on v6.11 kernel build.

Systrack v0.5

27 May 15:19
dd3665a
Compare
Choose a tag to compare

We tried so hard, and got so far, but in the end, we need a disassembler! x86 mitigations have defeated us, we no longer have syscall tables to rely on. Kernel developers were kind enough to write very simple ABI-specific switch-based handlers to dispach syscalls, so analysis is still possible... just significantly more complicated.

Breaking changes:

  • Drop support for Python 3.6 and 3.7. Systrack now requires Python 3.8+. This is because of the new dependency on iced-x86.

Improvements:

  • x86: support new kernels (6.9+) with no syscall tables.
  • Remove unnecessary spaces between asterisks for double pointers in function signatures.
  • Avoid KFCI __{cfi,pfx}_ symbols when looking for ni_syscall symbols.

Internal changes:

  • Depend on iced-x86 for disassembling x86 instructions and on jinja2 for HTML output directly. Remove optional dependencies and only build one package.
  • Rename test folder to tests to use the hatch test as test commnad.
  • Improve logging reproducibility by sorting more debugging log output.
  • Improve broken Python package metadata (Python packaging moment).

Systrack v0.5-rc1

22 May 22:24
48d0fe7
Compare
Choose a tag to compare
Systrack v0.5-rc1 Pre-release
Pre-release
Systrack v0.5-rc1

Systrack v0.4

23 Mar 16:50
56f3652
Compare
Choose a tag to compare

New arch support: PowerPC 32-bit, tested on v5.0+ kernels.

Improvements:

  • Improve kconfig dependency checking logic for better warning/error messages.
  • PowerPC PPC64: improve esoteric fast switch_endian syscall detection.
  • Better (narrower) emoji spacing in HTML output.

Bug fixes:

  • Correctly report delete_module depending on CONFIG_MODULE_UNLOAD=y.
  • Fix incorrectly handled shared syscall table in x86-64 x32 ABI resulting in duplicated and unwanted entries in the output for kernels older than v5.4.
  • Fix chance of building kernels without memfd_create, memfd_secret, delete_module (and possibly others) by always enabling MEMFD_CREATE, MODULE_UNLOAD, NET and SECRETMEM when available.
  • Fix wrong handling of relative --kdir path (e.g., .) in some cases.
  • Fix missed detection of non-implemented syscalls pointing to kernel/sys_ni.c when DWARF debug info contains relative paths.
  • x86 x32: fix some x64 syscalls reported twice because both the x64 number and the historycally misnumbered x32 numbers (512-547) were being considered valid.

Internal changes:

  • Ignore sound/ and user/ dirs to speed up grepping syscall definitions.
  • Implement some basic unit tests for powerpc dummy/esoteric syscall detection.

Systrack v0.4-rc3

21 Mar 06:45
a4adc57
Compare
Choose a tag to compare
Systrack v0.4-rc3 Pre-release
Pre-release
Systrack v0.4-rc3

Systrack v0.4-rc2

20 Mar 01:46
7720ebc
Compare
Choose a tag to compare
Systrack v0.4-rc2 Pre-release
Pre-release
Systrack v0.4-rc2

Systrack v0.4-rc1

19 Mar 23:29
e7c58fc
Compare
Choose a tag to compare
Systrack v0.4-rc1 Pre-release
Pre-release
Systrack v0.4-rc1

Systrack v0.3.3

11 Mar 20:13
9c9b3ea
Compare
Choose a tag to compare

Improvements:

  • Correctly report lsm_{list_modules,get_self_attr,set_self_attr} depending on CONFIG_SECURITY=y.

Systrack v0.3.2

07 Jan 21:42
8488df7
Compare
Choose a tag to compare

Improvements:

  • Correctly report new futex_{wait,wake,requeue} syscalls depending on CONFIG_FUTEX=y.
  • Use unicorn emoji (cuter) instead of test tube for esoteric syscalls in HTML output.

Systrack v0.3.1

31 Oct 23:34
99940dc
Compare
Choose a tag to compare

Improvements:

  • x86: Add build support for map_shadow_stack.
  • Prefer compat_sys_ over __se_compat_sys_ and other longer symbol synonyms; same for .compat_sys_ on PowerPC.

Bug fixes:

  • Fix broken naive grepping of syscall definitions when no ripgrep is available.
  • Correctly report cachestat depending on CACHESTAT_SYSCALL=y.

Internal changes:

  • Sort stderr logs for reproducible output and easier diffing.
  • Skip lib/ directory in kernel sources to improve grepping performance.