[PATCH] gnu: Add ROPgadget.

DoneSubmitted by Jakub Kądziołka.
Details
2 participants
  • Jack Hill
  • Jakub Kądziołka
Owner
unassigned
Severity
normal
J
J
Jakub Kądziołka wrote on 24 Mar 2020 00:52
(address . guix-patches@gnu.org)
20200323235209.25030-1-kuba@kadziolka.net
* gnu/packages/engineering.scm (ropgadget): New variable.
---
gnu/packages/engineering.scm | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)

Toggle diff (35 lines)
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 28a30a6831..bacfc2fbf6 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -1306,6 +1306,28 @@ bindings for Python, Java, OCaml and more.")
 (define-public python2-capstone
   (package-with-python2 python-capstone))
 
+(define-public ropgadget
+  (package
+    (name "ropgadget")
+    (version "6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ROPGadget" version))
+       (sha256
+        (base32
+         "0idiicgpijar9l9kqmfdh865c2mkfgxg0q7lpz77jc09l6q0afjh"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-capstone" ,python-capstone)))
+    (home-page "http://shell-storm.org/project/ROPgadget/")
+    (synopsis
+     "Gadget finder and auto-roper")
+    (description
+     "This tool lets you search for gadgets in binaries to help with ROP
+chain construction.")
+    (license license:bsd-3)))
+
 (define-public radare2
   (package
     (name "radare2")
-- 
2.25.2
J
J
Jack Hill wrote on 24 Mar 2020 16:18
(name . Jakub Kądziołka)(address . kuba@kadziolka.net)(address . 40203@debbugs.gnu.org)
alpine.DEB.2.20.2003241115350.5735@marsh.hcoop.net
On Tue, 24 Mar 2020, Jakub K�dzio�ka wrote:

[snip]

Toggle quote (4 lines)
> + (description
> + "This tool lets you search for gadgets in binaries to help with ROP
> +chain construction.")

Perhaps we should expand what ROP means here. I as able to figure it out
with some searching, but it would probably help non-domain experts know
what this package is for.

I believe such a change would be in line with what the Guix manual

Best,
Jack
J
J
Jakub Kądziołka wrote on 24 Mar 2020 17:34
(name . Jack Hill)(address . jackhill@jackhill.us)(address . 40203@debbugs.gnu.org)
20200324163448.fhjxatikhb7yovj2@gravity
On Tue, Mar 24, 2020 at 11:18:05AM -0400, Jack Hill wrote:
Toggle quote (12 lines)
> On Tue, 24 Mar 2020, Jakub Kądziołka wrote:
>
> [snip]
>
> > + (description
> > + "This tool lets you search for gadgets in binaries to help with ROP
> > +chain construction.")
>
> Perhaps we should expand what ROP means here. I as able to figure it out
> with some searching, but it would probably help non-domain experts know what
> this package is for.

Thanks, I totally forgot about non-domain experts when writing that
description. What do you think about this revised version?

(synopsis "Semiautomatic return oriented programming")
(description
"This tool lets you search for @acronym{ROP, Return Oriented Programming}
gadgets in binaries. Some facilities are included for automatically generating
chains of gadgets to execute system calls.")

Also, is the file in which I've put this package right? I choose that
place because that's where radare2 is, and it has a relatively
similar purpose. However, radare2 is a loose fit already, so ROPgadget
would be two steps removed from the original purpose of the file...

Regards,
Jakub Kądziołka
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE5Xa/ss9usT31cTO54xWnWEYTFWQFAl56NqgACgkQ4xWnWEYT
FWQ2lhAApu3wmluiiqBwRizs0JrpYiTaPZRSjUYvHItCNVgOPjD6/+zG725XMjs1
55HurjscN3UrEoEm5KJBxg4VTxV23QmSZ8qand9txRdxUOCLIdNDHTQmQAY/FFqA
vEWFVA8PI+V2TQvS42odDWwryGZniMde9tfAoOJzAEoRPCsd1/BNAA67bZbziPaf
QeDUTZAJdd6mD8FMJ+ig7D/ZU8N0USQR+tlnxzilUCnEqlI/MYcPpC6Rah80dQCv
SNxcH/Pp7zuh+2ShuV5g4+I+94mLmDVPXaCsPx0LX/qMre5KbYmoOL3EufykJcl5
rfnGwhPy0mXtZiNv1qWqEIrvADtKognowRAsTmtUFDMtdsYW/1hcopfzrpc6UuO9
osnWCt5vi3Uwo3h1WKJr2H5GXnY4KH5SYFLtVGLmITuUzMon23d7cf60snBxajKO
4fJiMIsz5RLK2B4pQpy9iLf87HZo11Qk1SuGR7LliRor3iUkXaMzShjk6bbQsR0o
HVI8oD2Bt7cPkpylQGVKfo3PDJAgvgSelUmLUam60mcGXUwNy43nRVX4gIxEGD2n
rakqwigjuHdv7I7emQ2nXJxGTuK3ZoCIT+RJOhOtD3jQgBz4BsLj+8uUrcUSVDnQ
w7rKoDkklG39Uf8J9ZJdTkW7DELTiGUnzsMlcfZeC44JS0lvsrg=
=pUHw
-----END PGP SIGNATURE-----


J
J
Jack Hill wrote on 24 Mar 2020 17:53
(name . Jakub Kądziołka)(address . kuba@kadziolka.net)(address . 40203@debbugs.gnu.org)
alpine.DEB.2.20.2003241237260.5735@marsh.hcoop.net
On Tue, 24 Mar 2020, Jakub Kądziołka wrote:

Toggle quote (22 lines)
> On Tue, Mar 24, 2020 at 11:18:05AM -0400, Jack Hill wrote:
>> On Tue, 24 Mar 2020, Jakub Kądziołka wrote:
>>
>> [snip]
>>
>>> + (description
>>> + "This tool lets you search for gadgets in binaries to help with ROP
>>> +chain construction.")
>>
>> Perhaps we should expand what ROP means here. I as able to figure it out
>> with some searching, but it would probably help non-domain experts know what
>> this package is for.
>
> Thanks, I totally forgot about non-domain experts when writing that
> description. What do you think about this revised version?
>
> (synopsis "Semiautomatic return oriented programming")
> (description
> "This tool lets you search for @acronym{ROP, Return Oriented Programming}
> gadgets in binaries. Some facilities are included for automatically generating
> chains of gadgets to execute system calls.")

That makes it clearer to me, thanks!

Toggle quote (5 lines)
> Also, is the file in which I've put this package right? I choose that
> place because that's where radare2 is, and it has a relatively
> similar purpose. However, radare2 is a loose fit already, so ROPgadget
> would be two steps removed from the original purpose of the file...

Indeed. (Package) organization is difficult. I don't think I have any
useful insights.

Best,
Jack
J
J
Jakub Kądziołka wrote on 26 Mar 2020 22:55
[PATCH v2] gnu: Add ROPgadget.
(address . 40203@debbugs.gnu.org)(address . jackhill@jackhill.us)
20200326215529.12389-1-kuba@kadziolka.net
* gnu/packages/cybersecurity.scm: New file.
(ropgadget): New variable.
* gnu/local.mk (GNU_SYSTEM_MODULES): Register the file.
---
I have decided to move the package to a separate file. I don't recall
ever doing that before, so I'm sending the package for another,
hopefully quick, round of review.

gnu/local.mk | 1 +
gnu/packages/cybersecurity.scm | 46 ++++++++++++++++++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 gnu/packages/cybersecurity.scm

Toggle diff (66 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 07b159c4fe..0a406dffa0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -138,6 +138,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/cups.scm				\
   %D%/packages/curl.scm				\
   %D%/packages/cvassistant.scm			\
+  %D%/packages/cybersecurity.scm		\
   %D%/packages/cyrus-sasl.scm			\
   %D%/packages/databases.scm			\
   %D%/packages/datamash.scm			\
diff --git a/gnu/packages/cybersecurity.scm b/gnu/packages/cybersecurity.scm
new file mode 100644
index 0000000000..aedac03b8a
--- /dev/null
+++ b/gnu/packages/cybersecurity.scm
@@ -0,0 +1,46 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages cybersecurity)
+  #:use-module (guix download)
+  #:use-module (guix packages)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix build-system python)
+  #:use-module (gnu packages engineering))
+
+(define-public ropgadget
+  (package
+    (name "ropgadget")
+    (version "6.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "ROPGadget" version))
+       (sha256
+        (base32
+         "0idiicgpijar9l9kqmfdh865c2mkfgxg0q7lpz77jc09l6q0afjh"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-capstone" ,python-capstone)))
+    (home-page "http://shell-storm.org/project/ROPgadget/")
+    (synopsis "Semiautomatic return oriented programming")
+    (description
+     "This tool lets you search for @acronym{ROP, Return Oriented Programming}
+gadgets in binaries.  Some facilities are included for automatically generating
+chains of gadgets to execute system calls.")
+    (license license:bsd-3)))
-- 
2.25.2
J
J
Jakub Kądziołka wrote on 26 Mar 2020 23:26
(address . 40203-done@debbugs.gnu.org)
20200326222643.26tbnv4tltbs75lx@gravity
Pushed as commit 60eee3e6de2a11b425496bbdf90bfe1f807c8f49 after a review
from ngz on IRC.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE5Xa/ss9usT31cTO54xWnWEYTFWQFAl59LB4ACgkQ4xWnWEYT
FWSm8w//QeYCApTyg0MtMgFZIbmUguWVdiSzhsklz3z3HdCh2YvU1rSlgaDA5N6A
Xfb0f/eF2MjTMgcOdC8JVyzHVLI3aHO6nLtR9qak948atfPaDkBl2d2hK/gb8BMZ
Xlxc/o27aytUl4FULiOZnEk/8N0f0ZjK2u/QT72qMfkVjblNQOv0pXjSxm59il1C
c3rbof9zaoseVjdQxi2aOHi0fAsLWcgxbvA1M7ge8FnGdGAiJ5rDuV2k7euPQVAf
Q0lRexJcOsXbYjMtrcDZqc4dhXUGagPo3bv6Gdr/pCKBsTifIkWoIQeY6PNBTDrk
rFlvrPiSNFsPHznRHnE4kHnhdJlH13ijorO6mTe7fiPmViLn2y7xuYvjOruwQPqf
S82tkPz7aWd09XTmM5QRXcxRke+azhgwJn/oEzjffktBFy2NPoXa+b00ecADWcx6
7dhGj2XDlQqYeqllSzcnzKSenYJqQQrlubTDRohvDdh8GepIJLVBGmcgGoUjUH7g
HTD5Nudo68+a5PSwNcvqDr3Zc2qXf3f1JXs+DfShjhkwK2wpVhPAg2JSxFOcjw4F
dvHkdoQiK4ASeN+aC33uxlJWsIszw2M2n4LRLqx2KS9/ZtMgvRScbALq4uH5RlNJ
PKMfIG/zCA2jD0t3o8Kvtn6o+oUJzue+fvhMlhPRGlDpa1WtmAU=
=J4qw
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 40203@debbugs.gnu.org