Entries tagged as memorysafety
addresssanitizer afl americanfuzzylop asan bufferoverflow c clang fuzzing gcc gentoo heartbleed linux openssl security useafterfree freesoftware gimp sunras code php programming sizeof 3d ac100 aiglx android beryl censorship compiz compizfusion composite cryptography developer english france freedomofspeech gebabbel gps gpsbabel idn iputils josm kde laptop lenovo libressl merkaartor metacity mobiletrailexplorer nancy notebook openbsd openstreetmap ping politics rmll smartbook ssl subnotebook thinkpad tls toshiba ubuntu x1carbon xgl xorg zensur 1und1 4k apache apt artikel assembler ati augsburg augsburgerallgemeine backnang bahn bash berlin bios bonn cacert camera canon cardreader ccc ccwn chemnitz chromium cinelerra clt come2linux compression console copyright core coredump cpu cpufreq crash creativecommons cve darmstadt deb debian delilinux demoscene desktop developingworld distribution dmidecode driver drm eltorito entropia essen esslingen exe fedora ffmpeg firefox fma86t frankreich freeculture freedesktop freifunk frequencies froscon froscon2007 gadgets gaia games gammu gatos ghost glibc gnokii gnome gnupg google googleearth gpg gphoto gpn gpn5 graphics grsecurity grub gtk hacker harddisk hardware hash hddtemp homebrew howto hp http ibm ico icons icoutils inkscape installparty iptables iso itu kgtk kubuntu lessig license lit07 lm_sensors lpi lpic lspci lsusb ludwigsburg lug luga lugbk macos mandriva md5 memdisk memorystick messe metisse microsoft mobile motherboard movie mplayer mrmcd mrmcd101b multimedia network nokia nouveau nvidia olpc omnibook opengl openpgp overheatd overheating packagemanagement passwörter pciids pcmagazin pcmcia pgp presse proxy ptp qt r300 radeon randr12 rar redhat reverseengineering ricoh rpm samsung schokokeks sd sdricohcs segfault server sha1 shellshock siegburg signatures smart smartmontools sncf softwarefreedomday squid standards support symlink syslinux t61 talk thesource theunarchiver time tv tvout unar unicode usability usb usbids utf-8 vc-1 video videoediting vista vortrag vulnerability waiblingen web20 webhosting webinale webroot websecurity webserver wii wiibrew win32codecs windows windowsrefund wine wlan wmv wos wos4 wrestool zeitung 0days 27c3 adguard adobe aead aes afra algorithm altushost antivir antivirus aok auskunftsanspruch axfr azure barcamp berserk bias bigbluebutton bleichenbacher blog bodensee botnetz braunschweig browser bsi bsideshn bugbounty bundesdatenschutzgesetz bundestrojaner bundesverfassungsgericht busby bypass ca cbc cccamp11 cellular certificate cfb chcounter chrome clamav clickjacking cloudflare cmi cms conflictofinterest cookie crypto csrf datenschutz dell deolalikar diffiehellman dingens diploma diplomarbeit distributions dns domain drupal easterhegg edellroot eff email encryption eplus facebook fileexfiltration firewall forwardsecrecy freak freewvs frequency fsfe ftp gajim gallery git gnutls gobi gsm gsoc gstreamer hackerone hacking hannover helma https infoleak informationdisclosure internetscan ircbot itsecurity jabber javascript jodconverter joomla karlsruhe kaspersky key keyexchange komodia leak libreoffice luckythirteen malware maninthemiddle mantis math mephisto milleniumproblems mitm mobilephones modulobias moodle mozilla mpaa mrmcd100b mysql napster nessus netfiltersdk newspaper nist nss ntp ntpd observatory onlinedurchsuchung openbsc openbts openleaks openvas osmocombb otr owncloud padding panda papierlos password passwordalert passwort pdo phishing pnp poodle privacy privdog protocolfilters provablesecurity pss python rand random rc2 rhein rsa rsapss rss s9y salinecourier schlüssel science serendipity session sha2 sha256 sha512 shellbot sicherheit slides smime snallygaster sni sniffing spam sqlinjection squirrelmail staatsanwaltschaft stacktrace study stuttgart subdomain superfish taz thesis tlsdate toendacms transvalid überwachung unicef update updates userdir verschlüsselung virus vlc vulnerabilities web webapps webmontag wiesbaden windowsxp wiretapping wordpress x509 xine xmpp xsa xss zerodays zugangsdaten zzuf
Tuesday, January 26. 2016
Safer use of C code - running Gentoo with Address Sanitizer
Update: When I wrote this blog post it was an open question for me whether using Address Sanitizer in production is a good idea. A recent analysis posted on the oss-security mailing list explains in detail why using Asan in its current form is almost certainly not a good idea. Having any suid binary built with Asan enables a local root exploit - and there are various other issues. Therefore using Gentoo with Address Sanitizer is only recommended for developing and debugging purposes.
Address Sanitizer is a remarkable feature that is part of the gcc and clang compilers. It can be used to find many typical C bugs - invalid memory reads and writes, use after free errors etc. - while running applications. It has found countless bugs in many software packages. I'm often surprised that many people in the free software community seem to be unaware of this powerful tool.
Address Sanitizer is mainly intended to be a debugging tool. It is usually used to test single applications, often in combination with fuzzing. But as Address Sanitizer can prevent many typical C security bugs - why not use it in production? It doesn't come for free. Address Sanitizer takes significantly more memory and slows down applications by 50 - 100 %. But for some security sensitive applications this may be a reasonable trade-off. The Tor project is already experimenting with this with its Hardened Tor Browser.
One project I've been working on in the past months is to allow a Gentoo system to be compiled with Address Sanitizer. Today I'm publishing this and want to allow others to test it. I have created a page in the Gentoo Wiki that should become the central documentation hub for this project. I published an overlay with several fixes and quirks on Github.
I see this work as part of my Fuzzing Project. (I'm posting it here because the Gentoo category of my personal blog gets indexed by Planet Gentoo.)
I am not sure if using Gentoo with Address Sanitizer is reasonable for a production system. One thing that makes me uneasy in suggesting this for high security requirements is that it's currently incompatible with Grsecurity. But just creating this project already caused me to find a whole number of bugs in several applications. Some notable examples include Coreutils/shred, Bash ([2], [3]), man-db, Pidgin-OTR, Courier, Syslog-NG, Screen, Claws-Mail ([2], [3]), ProFTPD ([2], [3]) ICU, TCL ([2]), Dovecot. I think it was worth the effort.
I will present this work in a talk at FOSDEM in Brussels this Saturday, 14:00, in the Security Devroom.
Address Sanitizer is a remarkable feature that is part of the gcc and clang compilers. It can be used to find many typical C bugs - invalid memory reads and writes, use after free errors etc. - while running applications. It has found countless bugs in many software packages. I'm often surprised that many people in the free software community seem to be unaware of this powerful tool.Address Sanitizer is mainly intended to be a debugging tool. It is usually used to test single applications, often in combination with fuzzing. But as Address Sanitizer can prevent many typical C security bugs - why not use it in production? It doesn't come for free. Address Sanitizer takes significantly more memory and slows down applications by 50 - 100 %. But for some security sensitive applications this may be a reasonable trade-off. The Tor project is already experimenting with this with its Hardened Tor Browser.
One project I've been working on in the past months is to allow a Gentoo system to be compiled with Address Sanitizer. Today I'm publishing this and want to allow others to test it. I have created a page in the Gentoo Wiki that should become the central documentation hub for this project. I published an overlay with several fixes and quirks on Github.
I see this work as part of my Fuzzing Project. (I'm posting it here because the Gentoo category of my personal blog gets indexed by Planet Gentoo.)
I am not sure if using Gentoo with Address Sanitizer is reasonable for a production system. One thing that makes me uneasy in suggesting this for high security requirements is that it's currently incompatible with Grsecurity. But just creating this project already caused me to find a whole number of bugs in several applications. Some notable examples include Coreutils/shred, Bash ([2], [3]), man-db, Pidgin-OTR, Courier, Syslog-NG, Screen, Claws-Mail ([2], [3]), ProFTPD ([2], [3]) ICU, TCL ([2]), Dovecot. I think it was worth the effort.
I will present this work in a talk at FOSDEM in Brussels this Saturday, 14:00, in the Security Devroom.
About me
You can find my web page with links to my work as a journalist at https://hboeck.de/.
You may also find my newsletter about climate change and decarbonization technologies interesting.
Hanno Böck
mail: hanno@hboeck.de
Hanno on Mastodon
Impressum
You may also find my newsletter about climate change and decarbonization technologies interesting.
Hanno Böck
mail: hanno@hboeck.de
Hanno on Mastodon
Impressum
Creative Commons
Unless noted otherwise, all content is CC Zero / public domain
