Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 19 Feb 2016 15:11:03 -0500
From: Rich Felker <dalias@...c.org>
To: oss-security@...ts.openwall.com
Subject: Re: Address Sanitizer local root

On Wed, Feb 17, 2016 at 10:03:59PM -0500, Daniel Micay wrote:
> On Wed, 2016-02-17 at 17:24 -0800, Konstantin Serebryany wrote:
> > Sadly MPX is too slow, too memory-hungry, and does not protect from
> > use-after-free at all.
> 
> MPX is definitely problematic (performance, memory usage, false
> positives with some atomic data structures, false positives without
> using it everywhere - essentially a new ABI) but I don't think the lack
> of coverage for lifetime issues is a major issue.
> 
> The malloc implementation can do a good job at mitigating lifetime
> issues though. It can't detect 100% of UAF issues, but it can force
> usage of pointers to fault (via proper junk filling) and detect write
> after free via a comparable quarantine technique + validating that the
> junk data is unaltered when allocations leave the quarantine. It can be
> just as good at detecting double-free.
> 
> See the follow-up email:
> 
> http://www.openwall.com/lists/oss-security/2016/02/18/3
> 
> It's extremely painful to actually debug the aborts and faults produced
> from this kind of hardening, so it doesn't really displace ASan at all
> even for the bits where it can be as reliable, and it doesn't cover the
> read-after-free case in the same way.

As long as the aborts/faults happen at the earliest point where the
wrong program behavior can be detected, I see no way they are "more
painful to debug" than having ASan or similar introspectively print
crash info. Attaching a debugger should get you equally useful
information.

Rich
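As an added illustration of the quarantine technique Daniel Micay describes in the quoted message (this is example code written for this page, not Daniel Micay's, Rich Felker's or any real allocator's): freed blocks are junk-filled and parked in a small ring, their junk is verified when they leave the ring (catching writes after free), and a pointer already in the ring is a double free. The ring depth, junk byte, size header and the two demo scenarios are constructed assumptions; a hardened allocator would abort on detection where this toy only counts.

```c
#include <stdlib.h>
#include <string.h>
#define QUARANTINE_SLOTS 4   /* ring depth; real hardened allocators keep far more */
#define JUNK_BYTE 0xDE       /* fill pattern written into every freed block */
struct qentry { unsigned char *ptr; size_t size; };
static struct qentry quarantine[QUARANTINE_SLOTS];
static size_t q_next;                 /* slot the next freed block goes into */
static int detected_double_free, detected_write_after_free;   /* inspectable counters */

/* Allocate with a size header so free() knows how many bytes to junk-fill. */
void *hardened_malloc(size_t n) {
    size_t *hdr = malloc(sizeof(size_t) + n);
    if (hdr) *hdr = n;
    return hdr ? hdr + 1 : NULL;
}

/* Leaving quarantine: any junk byte that changed means something wrote through
 * a dangling pointer while the block was held. Only now is it really released. */
static void evict(struct qentry *e) {
    for (size_t i = 0; i < e->size; i++)
        if (e->ptr[i] != JUNK_BYTE) { detected_write_after_free++; break; }
    free((size_t *)e->ptr - 1);
    e->ptr = NULL;
}

void hardened_free(void *p) {
    if (!p) return;
    for (size_t i = 0; i < QUARANTINE_SLOTS; i++)   /* double free: already quarantined? */
        if (quarantine[i].ptr == p) { detected_double_free++; return; }
    size_t n = ((size_t *)p)[-1];
    memset(p, JUNK_BYTE, n);          /* stale reads see garbage; stale pointer loads fault */
    if (quarantine[q_next].ptr) evict(&quarantine[q_next]);
    quarantine[q_next].ptr = p; quarantine[q_next].size = n;
    q_next = (q_next + 1) % QUARANTINE_SLOTS;
}

/* Constructed bug scenarios; each returns how many faults the allocator caught. */
int demo_write_after_free(void) {
    detected_write_after_free = 0;
    unsigned char *a = hardened_malloc(16);
    hardened_free(a);
    a[3] = 'X';                       /* bug: write through a freed pointer */
    for (int i = 0; i < QUARANTINE_SLOTS; i++)      /* churn until a is evicted and checked */
        hardened_free(hardened_malloc(8));
    return detected_write_after_free;
}
int demo_double_free(void) {
    detected_double_free = 0;
    unsigned char *b = hardened_malloc(8);
    hardened_free(b);
    hardened_free(b);                 /* bug: second free of the same pointer */
    return detected_double_free;
}
```

The write is only caught once the block is evicted, which is the trade-off Rich's reply turns on: the fault is reported later and without a description of where the stale write happened, so a debugger is needed to get back to the bug.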
