oss-sec mailing list archives
Re: Address Sanitizer local root
From: Rich Felker <dalias () libc org>
Date: Fri, 19 Feb 2016 15:11:03 -0500
On Wed, Feb 17, 2016 at 10:03:59PM -0500, Daniel Micay wrote:
> On Wed, 2016-02-17 at 17:24 -0800, Konstantin Serebryany wrote:
> > Sadly MPX is too slow, too memory-hungry, and does not protect from use-after-free at all.
>
> MPX is definitely problematic (performance, memory usage, false positives with some atomic data structures, false positives without using it everywhere - essentially a new ABI) but I don't think the lack of coverage for lifetime issues is a major issue.
>
> The malloc implementation can do a good job at mitigating lifetime issues though. It can't detect 100% of UAF issues, but it can force usage of pointers to fault (via proper junk filling) and detect write after free via a comparable quarantine technique + validating that the junk data is unaltered when allocations leave the quarantine. It can be just as good at detecting double-free.
>
> See the follow-up email: http://www.openwall.com/lists/oss-security/2016/02/18/3
>
> It's extremely painful to actually debug the aborts and faults produced from this kind of hardening, so it doesn't really displace ASan at all even for the bits where it can be as reliable, and it doesn't cover the read-after-free case in the same way.

As long as the aborts/faults happen at the earliest point where the wrong program behavior can be detected, I see no way they are "more painful to debug" than having ASan or similar introspectively print crash info. Attaching a debugger should get you equally useful information.

Rich
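The quarantine technique described in the quoted message (junk-fill on free, validate the junk when a chunk leaves the quarantine, catch a second free of a quarantined chunk), sketched as an added example that is not code from any participant in this thread or from a real allocator. The names `q_malloc`, `q_free`, `QSLOTS` and `JUNK` are hypothetical, and the functions return a status where a hardened malloc would abort, so the result can be inspected.

```c
#include <stdlib.h>
#include <string.h>

#define QSLOTS 4     /* quarantine depth (constructed value) */
#define JUNK   0xDE  /* fill byte (assumption); a pointer read from freed
                        memory becomes 0xdede..., which faults when used */

enum q_status { Q_OK, Q_DOUBLE_FREE, Q_WRITE_AFTER_FREE };

/* Header in front of each allocation; pad keeps user data 16-byte aligned
   on 64-bit targets. */
struct hdr { size_t size; size_t pad; };

static struct hdr *quarantine[QSLOTS];
static size_t q_head;  /* oldest slot, the next one to be evicted */

void *q_malloc(size_t n) {
    struct hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    return h + 1;
}

/* Returns 1 if every byte of a quarantined chunk is still junk. */
static int junk_intact(const struct hdr *h) {
    const unsigned char *p = (const unsigned char *)(h + 1);
    for (size_t i = 0; i < h->size; i++)
        if (p[i] != JUNK) return 0;
    return 1;
}

/* Junk-fill and park the chunk; the real free() happens on eviction. */
enum q_status q_free(void *ptr) {
    if (!ptr) return Q_OK;
    struct hdr *h = (struct hdr *)ptr - 1;
    for (size_t i = 0; i < QSLOTS; i++)
        if (quarantine[i] == h) return Q_DOUBLE_FREE;  /* still parked */
    memset(ptr, JUNK, h->size);
    enum q_status st = Q_OK;
    struct hdr *old = quarantine[q_head];
    if (old && !junk_intact(old)) st = Q_WRITE_AFTER_FREE;
    free(old);                       /* free(NULL) is a no-op */
    quarantine[q_head] = h;
    q_head = (q_head + 1) % QSLOTS;
    return st;
}
```

The write-after-free is reported only when the damaged chunk is evicted, not at the faulting store, and a double free is caught only while the chunk is still in the quarantine.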