Re: Address Sanitizer local root

[Rich Felker <dalias () libc org>]

On Wed, Feb 17, 2016 at 10:03:59PM -0500, Daniel Micay wrote:
> On Wed, 2016-02-17 at 17:24 -0800, Konstantin Serebryany wrote:
> > Sadly MPX is too slow, too memory-hungry, and does not protect from
> > use-after-free at all.
>
> MPX is definitely problematic (performance, memory usage, false
> positives with some atomic data structures, false positives without
> using it everywhere - essentially a new ABI) but I don't think the lack
> of coverage for lifetime issues is a major issue.
>
> The malloc implementation can do a good job at mitigating lifetime
> issues though. It can't detect 100% of UAF issues, but it can force
> usage of pointers to fault (via proper junk filling) and detect write
> after free via a comparable quarantine technique + validating that the
> junk data is unaltered when allocations leave the quarantine. It can be
> just as good at detecting double-free.
>
> See the follow-up email:
>
> http://www.openwall.com/lists/oss-security/2016/02/18/3
>
> It's extremely painful to actually debug the aborts and faults produced
> from this kind of hardening, so it doesn't really displace ASan at all
> even for the bits where it can be as reliable, and it doesn't cover the
> read-after-free case in the same way.

As long as the aborts/faults happen at the earliest point where the
wrong program behavior can be detected, I see no way they are "more
painful to debug" than having ASan or similar introspectively print
crash info. Attaching a debugger should get you equally useful
information.

Rich