6 Commits

Author SHA1 Message Date
Oliver Chang 5675ec6958
Rename execSan to SystemSan. (#8369)
* Rename execSan to SystemSan.

All of the bug detectors we've built (or plan to build) relate to system
state.

* fix documentation

* fix more documentation
2022-08-30 08:40:46 +10:00
Dongge Liu dead89aa00
A PoC of `execSan` with `node-shell-quote` v1.7.3 (#7843)
* A PoC with `node-shell-quote` v1.7.3.

* A description of the shell injection bug in the prev version of shell-quote and how to reproduce it with `execSan`.

* Amend the instructions to run `execSan` on `node-shell-quote` and `pytorch-lightning`.
2022-06-14 09:58:21 +10:00
Dongge Liu 639cc9588e
Execsan syntax error (minor fixes) (#7806)
* Removes the `: ` prefix in our previous pattern to capture case ii and reduce false negatives:
   1. Our previous pattern (i.e. `: Syntax error`) is designed to reduce false positives, but it relies on `dash` to print out an error message within one `write` syscall. E.g. `sh: 1: Syntax error: "invalid_command" unexpected`.
   2. In some cases, `dash` breaks the message into multiple `write` syscalls. E.g. it invokes 2 `writes` whose buffers respectively contain `sh: 1:`, ` Syntax error: "invalid_command" unexpected`.

* Fix outdated wording

* A TODO about using more specific patterns of error messages
2022-06-07 11:50:30 +10:00
Dongge Liu 62f034e81d
Detect shell injection based on syntax errors (#7795)
* Remove redundant tripwire from Makefile

* Detect shell corruption based on syntax errors

* Type, name, format, typo, etc.

* Error pattern matching logic

* clang-format

* Code structure fix

* Extend the pathname length of shell to be safe

* Remove redundant operations on memory read from regs

* More specific patterns

* Identify sh

* Remove redundant substr

* Document shell corruption in README.md

* Clang-format

* Organise printf/debug_log/cerr

* Remove a completed TODO

* Use readlink instead of `file`

* Clang-format
2022-06-06 14:14:01 +10:00
Oliver Chang a5d3ab8cb0
execSan: Follow forks. (#7771)
* execSan: Follow forks.

- ptrace all child processes.
- Look for execve() calls with /tmp/tripwire as the first argument.
  There's no need for it to actually run.
- Convert to C++.

* remove unused tripwire code

* comments
2022-05-30 10:31:12 +10:00
Dongge Liu e249bcc669
An attempt to detect shell injection with `ptrace` (#7757)
* An attempt to detect shell injection with ptrace

* Relocate sanitizer files

* Add headers and file descriptions

* Better cleanup

* Name and analogy

* TODOs

* safer cleanup

* More descriptive name

* More descriptive README.md

* More descriptive file names

* One more TODOs
2022-05-26 15:37:04 +10:00