On Wed, Mar 7, 2018 at 7:30 AM, <[email protected]> wrote:
>
> Hi,
>
> I have a suggestion about sanitizers.
> Even though what I have is a high-level concept only,
> I want to get some feedback from here.
>
> Especially, I want to know what you think about whether this solution is
> needed or not,
> or if it already exists, let me know.
> (If the content below has something wrong, please let me know.)
>
> For details of my idea, please check below. (README.md)
> - https://github.com/jinb-park/rsan/
>
> I haven't developed anything yet, but I have a plan to develop my idea as a PoC.
Hi Jinbum,

Could you clarify a few aspects?

> :: for user-space binary
> It is similar to memcheck of valgrind.

How will it be different from memcheck? ASAN is already similar to memcheck, just faster. So why not just use ASAN?

> Perform the wrong shift.
> ==> I think it can be an improvement point.
> ==> exit process at this point by various ways. It can be helpful to block a chance to exploit.

I think there is already an option for this. All sanitizers are capable of terminating the process on the first bug.

> :: for loadable kernel module
> AFAIK, runtime sanitization hasn't been tried yet on LKMs. (right??)

KASAN can perfectly work on kernel modules, if they are instrumented. Potentially one could instrument only a single module (but not kernel code) and enable the KASAN runtime. The same can be achieved with runtime binary instrumentation too, but it will be much more complex. Is it what you mean?

> :: How to minimize instrumentation??
> Only functions influenced by user input can be instrumented. In the case of a kernel driver, it is not difficult to extract the list of functions to be instrumented.

How do you want to extract this list of functions? Or you mean that the user supplies the list?
