scripts/tests hol_light selects the proof architecture from
platform.machine() at scripts/tests:1031 through scripts/tests:1034. If
the host is not arm64, aarch64, or x86_64, the function returns at
scripts/tests:1035 through scripts/tests:1036 without printing a diagnostic,
listing proofs, or calling check_fail().
The proof of concept monkeypatches platform.machine() to return riscv64 and
executes the real scripts/tests hol_light entry point. The command exits zero
with no output.
Run:
bash ptp/pocs/poc-hol-light-unsupported-arch-exits-zero.sh
Observed output:
run_rc=0
stdout_bytes=0
stderr_bytes=0
VULNERABLE: HOL-Light tests silently passed on unsupported arch
scripts/tests hol_lightselects the proof architecture fromplatform.machine()atscripts/tests:1031throughscripts/tests:1034. Ifthe host is not
arm64,aarch64, orx86_64, the function returns atscripts/tests:1035throughscripts/tests:1036without printing a diagnostic,listing proofs, or calling
check_fail().The proof of concept monkeypatches
platform.machine()to returnriscv64andexecutes the real
scripts/tests hol_lightentry point. The command exits zerowith no output.
Run:
Observed output: