On Wed, Mar 7, 2018 at 7:30 AM,  <jinb.pa...@gmail.com> wrote:
> Hi,
> I have a suggestion about sanitizer.
> Even though what I have a high-level concept only,
> I want to get some feedback from here.
> Especially, I wanna know what you think about whether this solution is
> needed or not.
> or If It is already exist, let me know.
> (If below content have something wrong, please let me know.)
> For details of my idea, please check below. (README.md)
> - https://github.com/jinb-park/rsan/
> I don't develop anything yet, but I have a plan to develop my idea as PoC.

Hi Jinbum,

Could you clarify few aspects?

> :: for user-space binary It is similar to memcheck of valgrind.

How will it be different from memcheck? ASAN is already similar to
memcheck, just faster. So why not just use ASAN?

> Perform the wrong shift. ==> I think It can be a improvement point. ==> exit 
> process at this point by various ways. It can be helpful to block a chance to 
> exploit.

I think there is already an option for this. All sanitizers are
capable of terminating the process on first bug.

> :: for loadable kernel module AFAIK, Runtime-sanitization hasn't tried yet on 
> LKM. (right??)

KASAN can perfectly work on kernel modules, if they are instrumented.
Potentially one could instrument only a single module (but not kernel
code code) and enable KASAN runtime.
The same can be achieved with runtime binary instrumentation too, but
will be much more complex. Is it what you mean?

> :: How to minimize instrumentation?? Only Functions influenced by user input 
> can be instrumented. In the case of kernel driver, It is not difficult to 
> extract function list to be instrmented.

How do you want o extract this list of functions? Or you mean that
user supplies the list?

You received this message because you are subscribed to the Google Groups 
"address-sanitizer" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to address-sanitizer+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to