version 1.1, 2017/02/16 00:01:14 | version 1.2, 2017/02/16 00:06:15

I've been running it on netbsd tests in

env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run

sysctl -w security.pax.aslr.enabled=0 # [3]

1. Seems like this is a cause of worse reports, as in-library functions are not intercepted.

2. Not even close to canonical commands, should probably be improved.

3. To work around "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc.

4. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself triggers a bug. Should have a look at it so this option doesn't need to be disabled.

also sort by issue.

Some suggestions for things to focus on, as there are many defects reported:

- Setuid programs
- Anything kernel
- Stuff that runs as root
- Library or other code you know well already
- Drivers for hardware you actually own and can test

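As an added example (not part of these notes), a small POSIX sh script that runs a command with the two sanitizer runtimes preloaded as above, collects what ASan and UBSan print, and tallies the reports by issue kind so the pile of defects can be sorted before choosing what to chase. The `log_path` runtime option is a real ASan/UBSan option; the report directory, the function names and the sample report lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original notes: run a command (e.g. atf-run)
# with libasan/libubsan preloaded as the notes do, then tally the reports by
# issue kind. ASAN_OPTIONS/UBSAN_OPTIONS "log_path" is a real runtime option;
# REPORT_DIR, the function names and SAMPLE_REPORTS are assumptions.

# Where each sanitized process writes its report (asan.<pid> / ubsan.<pid>)
# instead of mixing it into the test's stderr. Assumed location.
REPORT_DIR="${REPORT_DIR:-/tmp/sanitizer-reports}"

# Run "$@" under both sanitizer runtimes. ASLR is expected to be off already
# (sysctl -w security.pax.aslr.enabled=0), see footnote 3 in the notes.
sanitized_run() {
    mkdir -p "$REPORT_DIR"
    env ASAN_OPTIONS="alloc_dealloc_mismatch=0:log_path=$REPORT_DIR/asan" \
        UBSAN_OPTIONS="log_path=$REPORT_DIR/ubsan" \
        LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" "$@"
}

# Reduce each report line on stdin to an "asan:<kind>" or "ubsan:<kind>" tag.
# ASan headers look like "==<pid>==ERROR: AddressSanitizer: <kind> ...",
# UBSan lines like "file:line:col: runtime error: <message>"; only the
# leading kind of the message is kept so variants collapse into one bucket.
issue_tags() {
    sed -n \
        -e 's/.*ERROR: AddressSanitizer: \([a-z-]*\).*/asan:\1/p' \
        -e 's/.*runtime error: \([^:,]*\).*/ubsan:\1/p'
}

# Reports per issue kind, most frequent first, as "<count> <tag>".
count_by_issue() {
    issue_tags | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# The single most frequent issue kind.
top_issue() {
    count_by_issue | head -n 1 | cut -d' ' -f2-
}

# Constructed sample of report lines from two test programs (not real output).
SAMPLE_REPORTS='==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014
==1235==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new vs free) on address 0x603000000010
t_foo.c:42:7: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type int
==1236==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000024
==1237==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f0000000010
t_bar.c:10:3: runtime error: null pointer passed as argument 1, which is declared to never be null'

# Demo on the constructed sample; on a real run feed it "cat $REPORT_DIR/*".
printf '%s\n' "$SAMPLE_REPORTS" | count_by_issue
```

After `sanitized_run atf-run`, `cat "$REPORT_DIR"/* | count_by_issue` gives the same tally for the whole session, and the per-pid file names make it easy to map a bucket back to the test program that produced it.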
Future ideas:

- GCC could be told to add ASan flags for all shared objects, making it easier to build world with those flags
- We could run all of NetBSD with ASan for some real world tests.
- ASan for kernel? (subr_kmem.c has some flags which do some of the work, could it do more?)
- Fuzzers are cool.