Gentoo Archives: gentoo-dev

From: "Hanno Böck" <hanno@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Creating a Gentoo built with Address Sanitizer
Date: Thu, 02 Jul 2015 13:11:53
Message-Id: 20150702151236.4dded446@pc1
Hi,

A quick intro for people who don't know address sanitizer (asan): It's a
feature of gcc and clang adding bounds-checking to C (enabled with
-fsanitize=address command line), which will cause applications to crash
and throw an error if an invalid memory access happens.
Very simple example:
int a[2]={1, 1};
int b=a[2];

This is invalid because a[2] does not exist, but usually software will
silently ignore such errors. Address Sanitizer catches them.

Address Sanitizer is supposed to be a debugging tool, because it slows
down things quite a lot.

I've been playing with the idea of having a full system with almost
everything built with address sanitizer for quite a while. Gentoo is
obviously a good choice for such a system due to it being source based
and flexible.

I by now have a rudimentary system running in a chroot where everything
except glibc, gcc and some deps of gcc is built with asan. I'll probably
publish a stage tarball at some point. As asan has been around for a
while a lot of stuff is already fixed, so often it's merely a "take the
newer version of package X and it works". But in the process of trying
to run such a system I already reported a couple of bugs to the
corresponding upstreams (e.g. recently in bash).


Why's that interesting? First of all it lets you find bugs. There may
be corner cases, but I'm right now not aware of any situation where an
error by address sanitizer happens in legit code. An out of bounds
access or other memory access errors are always a bug.
So in an ideal world it should be possible to just recompile
everything with asan and it runs. (You just need to consider the order
of recompiling things - you can run an asan-ized software with
non-asan-libs, but you cannot do it the other way round: non-asan
software with asan-libs breaks.)

Such a system could also be interesting as a high security Linux
variant not vulnerable to common buffer overflows and other memory
errors. It is slower, but that may be acceptable. (However it should be
said that right now asan is incompatible with grsecurity - and probably
people who want a high secure Linux variant want grsecurity.)

For now I just wanted to announce that I'm working on this, so people
who care can get in touch with me. I'll probably write a detailed blog
post at some point.
Depending on how much interest there is this may be something Gentoo
wants to consider as an official project and publish official stage
tarballs.

cu, Hanno
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@××××××.de
GPG: BBB51E42
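
Added example, not part of the original mail: the two-line out-of-bounds read from the message as a complete C program, with the unchecked access beside a bounds-checked one. The file name `oob.c` and the function names are hypothetical; the index is taken from the command line so the compiler cannot fold the read away at build time.

```c
/* Build: gcc -g -fsanitize=address -fno-omit-frame-pointer oob.c -o oob
 * Run:   ./oob    (index 0, in bounds)
 *        ./oob 2  (one past the end; an ASan build aborts here with a
 *                  stack-buffer-overflow report)
 * File and function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define LEN 2

/* Unchecked read, as in the mail: nothing stops idx >= LEN. */
static int read_unchecked(const int *a, size_t idx)
{
    return a[idx];
}

/* Checked read: returns 0 and stores the value, or -1 if the access
 * would be out of range. */
static int read_checked(const int *a, size_t len, size_t idx, int *out)
{
    if (a == NULL || out == NULL || idx >= len)
        return -1;
    *out = a[idx];
    return 0;
}

int main(int argc, char **argv)
{
    int a[LEN] = {1, 1};
    /* Runtime index, so the access is not resolved at compile time. */
    size_t idx = argc > 1 ? (size_t)strtoul(argv[1], NULL, 10) : 0;
    int v;

    if (read_checked(a, LEN, idx, &v) == 0)
        printf("checked:   a[%zu] = %d\n", idx, v);
    else
        printf("checked:   index %zu rejected\n", idx);

    /* With idx >= LEN this is the access ASan reports. */
    printf("unchecked: a[%zu] = %d\n", idx, read_unchecked(a, idx));
    return 0;
}
```

Built without `-fsanitize=address`, `./oob 2` typically prints an arbitrary value from the stack and exits normally, which is the silent failure the message describes.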

Replies

Subject Author
Re: [gentoo-dev] Creating a Gentoo built with Address Sanitizer Kristian Fiskerstrand <k_f@g.o>
Re: [gentoo-dev] Creating a Gentoo built with Address Sanitizer "Anthony G. Basile" <blueness@g.o>