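#!/bin/sh
#
# afl-system-config: reconfigure the running system for higher fuzzing
# throughput.
#
# Usage: afl-system-config [-h|-hh|--help]
#
# The platform is detected with `uname -s` and a platform-specific set of
# kernel/runtime knobs is changed. Several of these remove security controls
# (ASLR, audit rules, crash reporting). The printed advice itself limits the
# boot-time recommendations to machines in a secured network.
#
# Persistence: the sysctl and sysfs writes change runtime values only
# (afl-persistent-config is the companion for permanent options). Two
# exceptions are visible below: `launchctl unload -w` on Darwin and the
# debug_server settings file on Haiku both survive a reboot.
#
# NOTE(review): "Settings applied." is printed even when individual writes
# failed (e.g. when not root); check the effective values with `sysctl -n`.
#
# Exit status: 0 after a run (also on an unknown platform), 1 on unknown
# arguments.

case "${1:-}" in
  -h | -hh | --help)
    echo 'afl-system-config by Marc Heuse <[email protected]>'
    echo
    printf '%s\n' "$0"
    echo
    echo 'afl-system-config has no command line options'
    echo
    echo 'afl-system-config reconfigures the system to a high performance fuzzing state.'
    echo 'WARNING: this reduces the security of the system!'
    echo
    echo 'Note that there is also afl-persistent-config which sets additional permanent'
    echo 'configuration options.'
    exit 0
    ;;
esac

if [ $# -ne 0 ]; then
  # "$*" joins the arguments into one word; "$@" inside a string is ambiguous.
  echo "ERROR: Unknown option(s): $*"
  exit 1
fi

DONE=
PLATFORM=$(uname -s)
echo 'This reconfigures the system to have a better fuzzing performance.'
echo 'WARNING: this reduces the security of the system!'
echo

# EUID is not set by every /bin/sh, so `id -u` is the fallback check.
if [ "${EUID:-}" != 0 ] && [ "$(id -u)" != 0 ]; then
  echo 'Warning: you need to be root to run this!'
  sleep 1
  # we do not exit, as mechanisms other than being root exist that allow
  # these changes. let the errors speak for themselves.
fi
sleep 1

if [ "$PLATFORM" = "Linux" ]; then
  {
    # Core files get the fixed name "core" (no PID suffix).
    sysctl -w kernel.core_uses_pid=0
    # Arch Linux requires core_pattern to be empty :(
    # Either value writes a plain file instead of piping to a crash handler.
    if [ -e /etc/arch-release ]; then
      sysctl -w kernel.core_pattern=
    else
      sysctl -w kernel.core_pattern=core
    fi
    # Turns ASLR off system-wide for every process started from now on, not
    # only fuzz targets. Revert by writing the previous value back.
    sysctl -w kernel.randomize_va_space=0
    sysctl -w kernel.sched_child_runs_first=1
    sysctl -w kernel.sched_autogroup_enabled=1
    # Errors are suppressed for these two; presumably not every kernel
    # exposes them.
    sysctl -w kernel.sched_migration_cost_ns=50000000 2>/dev/null
    sysctl -w kernel.sched_latency_ns=250000000 2>/dev/null
    echo never > /sys/kernel/mm/transparent_hugepage/enabled
    # CPU frequency: the governor lives in one of three sysfs layouts.
    if [ -e /sys/devices/system/cpu/cpufreq/scaling_governor ]; then
      echo performance | tee /sys/devices/system/cpu/cpufreq/scaling_governor
    fi
    if [ -e /sys/devices/system/cpu/cpufreq/policy0/scaling_governor ]; then
      echo performance | tee /sys/devices/system/cpu/cpufreq/policy*/scaling_governor
    fi
    if [ -e /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor ]; then
      echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
    fi
    if [ -e /sys/devices/system/cpu/intel_pstate/no_turbo ]; then
      echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
    fi
    if [ -e /sys/devices/system/cpu/cpufreq/boost ]; then
      echo 1 > /sys/devices/system/cpu/cpufreq/boost
    fi
    if [ -e /sys/devices/system/cpu/intel_pstate/max_perf_pct ]; then
      echo 100 > /sys/devices/system/cpu/intel_pstate/max_perf_pct
    fi
    # Adds a "never" rule on the task list, so newly created tasks are no
    # longer audited. auditd-based monitoring loses coverage for them until
    # the rule is deleted again (auditctl -d never,task).
    # `command -v` is the POSIX way to probe for the tool.
    if command -v auditctl > /dev/null 2>&1; then
      auditctl -a never,task > /dev/null 2>&1
    fi
  } > /dev/null
  echo 'Settings applied.'
  echo
  # Advice only: the script never edits the bootloader configuration.
  # The check looks for the flags in the kernel log and prints the
  # recommendation when they are not found (or dmesg is not readable).
  if ! dmesg | grep -E -q 'noibrs pcid nopti'; then
    echo 'It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:'
    echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"'
    echo
  fi
  echo 'If you run fuzzing instances in docker, run them with "--security-opt seccomp=unconfined" for more speed.'
  echo
  DONE=1
fi

if [ "$PLATFORM" = "FreeBSD" ]; then
  {
    # Disables ASLR for 32-bit and 64-bit ELF binaries.
    sysctl kern.elf32.aslr.enable=0
    sysctl kern.elf64.aslr.enable=0
  } > /dev/null
  echo 'Settings applied.'
  echo
  cat <<EOF
In order to suppress core file generation during fuzzing it is recommended to set
me:\\
 :coredumpsize=0:
in the ~/.login_conf file for the user used for fuzzing.
EOF
  # Advice only; neither setting below is applied by this script.
  echo 'It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:'
  echo ' sysctl hw.ibrs_disable=1'
  echo 'Setting kern.pmap.pg_ps_enabled=0 into /boot/loader.conf might be helpful too.'
  echo
  DONE=1
fi

if [ "$PLATFORM" = "OpenBSD" ]; then
  # Clears the system-wide malloc option string.
  doas sysctl vm.malloc_conf=
  echo 'Freecheck on allocation in particular can be detrimental to performance.'
  echo 'Also we might not want necessarily to abort at any allocation failure.'
  echo 'System security features cannot be disabled on OpenBSD.'
  echo
  DONE=1
fi

if [ "$PLATFORM" = "DragonFly" ]; then
  #/sbin/sysctl kern.corefile=/dev/null
  #echo Settings applied.
  cat <<EOF
In order to suppress core file generation during fuzzing it is recommended to set
me:\\
 :coredumpsize=0:
in the ~/.login_conf file for the user used for fuzzing.
EOF
  echo
  DONE=1
fi

if [ "$PLATFORM" = "NetBSD" ]; then
  {
    # Lets unprivileged users set CPU affinity.
    /sbin/sysctl -w security.models.extensions.user_set_cpu_affinity=1
  } > /dev/null
  echo 'Settings applied.'
  echo
  DONE=1
fi

if [ "$PLATFORM" = "Darwin" ]; then
  sysctl kern.sysv.shmmax=524288000
  sysctl kern.sysv.shmmin=1
  sysctl kern.sysv.shmseg=48
  sysctl kern.sysv.shmall=131072000
  echo 'Settings applied.'
  echo
  # Test the pipeline status directly instead of executing the (empty)
  # output of a command substitution.
  if launchctl list 2>/dev/null | grep -q '\.ReportCrash\>'; then
    echo
    echo 'Unloading the default crash reporter'
    SL=/System/Library
    PL=com.apple.ReportCrash
    # -w records the job as disabled, so the crash reporter stays off after
    # a reboot until it is loaded again with `launchctl load -w`.
    if [ -n "${SUDO_USER:-}" ]; then
      sudo -u "$SUDO_USER" launchctl unload -w "${SL}/LaunchAgents/${PL}.plist"
    else
      # Without SUDO_USER, `sudo -u ""` can only fail; say why instead.
      echo 'Warning: SUDO_USER is not set, skipping the per-user ReportCrash agent'
    fi
    launchctl unload -w "${SL}/LaunchDaemons/${PL}.Root.plist"
    echo
  fi
  # Advice only; SIP is not touched by this script.
  echo 'It is recommended to disable System Integrity Protection for increased performance.'
  echo 'See: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection'
  echo
  DONE=1
fi

if [ "$PLATFORM" = "Haiku" ]; then
  DEBUG_SERVER_DIR=~/config/settings/system/debug_server
  [ -d "$DEBUG_SERVER_DIR" ] || mkdir -p "$DEBUG_SERVER_DIR"
  SETTINGS=${DEBUG_SERVER_DIR}/settings
  if [ -r "$SETTINGS" ] && grep -qE "default_action\s+kill" "$SETTINGS"; then
    echo "Nothing to do"
  else
    echo 'We change the debug_server default_action from user to silently kill'
    if [ ! -r "$SETTINGS" ]; then
      echo "default_action kill" > "$SETTINGS"
    # Edit through a mktemp file next to the settings file. A fixed name in
    # the current directory could clobber an unrelated file or follow a
    # planted symlink. The original is only overwritten after sed succeeded.
    elif TMP_SETTINGS=$(mktemp "${SETTINGS}.XXXXXX"); then
      sed -e "s/default_action\s\s*user/default_action kill/" "$SETTINGS" > "$TMP_SETTINGS" &&
        cat "$TMP_SETTINGS" > "$SETTINGS"
      rm -f "$TMP_SETTINGS"
    else
      echo "Error: mktemp failed, $SETTINGS left unchanged"
    fi
    echo 'Settings applied.'
    echo
  fi
  DONE=1
fi

[ -n "$DONE" ] || echo "Error: Unknown platform: $PLATFORM"
exit 0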