Hi,
A quick intro for people who don't know Address Sanitizer (ASan): it's a
feature of gcc and clang that adds memory-access checking to C and C++
code (enabled with the -fsanitize=address command-line option). An
invalid memory access, such as an out-of-bounds read or a use after
free, makes the application print an error report and abort.
Very simple example:
int a[2]={1, 1};
int b=a[2]; /* reads one past the end of a */
This is invalid because a[2] does not exist (only a[0] and a[1] do), but
usually the program just reads whatever happens to lie next to the array
and carries on. Address Sanitizer catches such accesses and reports them.
Address Sanitizer is meant as a debugging tool, because it slows things
down considerably (its own documentation quotes a slowdown of about 2x).
I've been playing with the idea of a full system with almost everything
built with Address Sanitizer for quite a while. Gentoo is obviously a
good choice for such a system, being source-based and flexible.
By now I have a rudimentary system running in a chroot where everything
except glibc, gcc and some dependencies of gcc is built with asan. I'll
probably publish a stage tarball at some point. As asan has been around
for a while, a lot of stuff is already fixed, so often it's merely a
matter of "take the newer version of package X and it works". But in
the process of trying to run such a system I have already reported a
couple of bugs to the corresponding upstreams (e.g. recently in bash).
Why is that interesting? First of all, it lets you find bugs. There may
be corner cases, but I'm currently not aware of any situation where
Address Sanitizer reports an error in legitimate code. An out-of-bounds
access or any other memory access error is always a bug.
So in an ideal world it should be possible to just recompile everything
with asan and have it run. (You only need to consider the order in
which things are recompiled: an asan-built program can run against
non-asan libraries, but not the other way round. A non-asan program
loading asan-built libraries breaks, because the asan runtime must be
loaded before any instrumented library.)
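As an added example (this script is not part of Hanno's post or of any
Gentoo project), the following builds the two-line snippet above three
ways and reports what each does: a plain build, a -fsanitize=address
build, and an asan-built shared library loaded by a non-asan executable,
which is the "other way round" case from the paragraph above. It assumes
$CC (default: cc) is a gcc or clang that ships the ASan runtime; every
source file it compiles is constructed inside the script.

```shell
#!/bin/sh
# Added example, not code from the original post. It builds the post's
# two-line out-of-bounds read three ways and reports what each does:
#   1. a plain build usually runs to completion: the bug is silent;
#   2. a -fsanitize=address build aborts with an ASan report;
#   3. an ASan-built shared library loaded by a non-ASan executable fails
#      to start, the "other way round" case from the post.
# Assumes $CC (default: cc) is a gcc or clang that ships the ASan runtime.
# All source files are constructed here in temporary directories.

set -u
CC="${CC:-cc}"

# Can this toolchain build and start an ASan binary at all? ASan reserves a
# large shadow address range at startup, which some sandboxes refuse.
have_asan() {
    dir=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$dir/ok.c"
    "$CC" -fsanitize=address -o "$dir/ok" "$dir/ok.c" 2>/dev/null \
        && "$dir/ok" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return $rc
}

# The snippet from the post; the value is returned and printed so that
# even -O0 has to perform the read.
write_oob_c() {
    cat > "$1" <<'EOF'
#include <stdio.h>
int read_past_end(void) {
    int a[2] = {1, 1};
    int b = a[2];   /* one past the end: a[0] and a[1] exist, a[2] does not */
    return b;
}
int main(void) { printf("%d\n", read_past_end()); return 0; }
EOF
}

# 0: the uninstrumented build exits 0 (bug goes unnoticed); 1: it did not;
# 2: it does not even compile.
plain_build_is_silent() {
    dir=$(mktemp -d) || return 2
    write_oob_c "$dir/oob.c"
    "$CC" -O0 -o "$dir/oob" "$dir/oob.c" 2>/dev/null || { rm -rf "$dir"; return 2; }
    "$dir/oob" >/dev/null 2>&1 && result=0 || result=1
    rm -rf "$dir"
    return $result
}

# 0: ASan reported the read; 1: the ASan build ran to completion (ASan
# missed it); 2: no usable ASan toolchain here.
asan_catches_oob() {
    have_asan || return 2
    dir=$(mktemp -d) || return 2
    write_oob_c "$dir/oob.c"
    # -g gives file:line in the report, -fno-omit-frame-pointer a clean trace.
    "$CC" -O0 -g -fsanitize=address -fno-omit-frame-pointer \
        -o "$dir/oob" "$dir/oob.c" 2>/dev/null || { rm -rf "$dir"; return 2; }
    "$dir/oob" >/dev/null 2>"$dir/err"
    rc=$?
    if grep -q 'ERROR: AddressSanitizer' "$dir/err"; then result=0
    elif [ "$rc" -eq 0 ]; then result=1
    else result=2; fi
    rm -rf "$dir"
    return $result
}

# Link order. 0: the non-ASan executable could not use the ASan-built
# library (failed to start or gave no answer); 1: it ran fine, contradicting
# the post; 2: ASan unavailable or the mixed link was rejected outright.
mixed_link_fails() {
    have_asan || return 2
    dir=$(mktemp -d) || return 2
    printf 'int answer(void) { return 42; }\n' > "$dir/lib.c"
    cat > "$dir/main.c" <<'EOF'
#include <stdio.h>
int answer(void);
int main(void) { printf("%d\n", answer()); return 0; }
EOF
    "$CC" -fsanitize=address -shared -fPIC -o "$dir/libanswer.so" "$dir/lib.c" 2>/dev/null \
        || { rm -rf "$dir"; return 2; }
    "$CC" -o "$dir/main" "$dir/main.c" -L"$dir" -lanswer 2>/dev/null \
        || { rm -rf "$dir"; return 2; }
    out=$(LD_LIBRARY_PATH="$dir" "$dir/main" 2>/dev/null)
    [ "$out" = "42" ] && result=1 || result=0
    rm -rf "$dir"
    return $result
}

report() {
    for f in plain_build_is_silent asan_catches_oob mixed_link_fails; do
        "$f" && rc=0 || rc=$?
        echo "$f -> $rc"
    done
}

if [ "${1:-}" = "--run" ]; then report; fi
```

Run it as "sh asan-demo.sh --run". With gcc, the third case dies at
startup with the runtime's own message that the ASan runtime "does not
come first in initial library list"; the workaround it suggests is to
LD_PRELOAD libasan.so (found with gcc -print-file-name=libasan.so),
which is exactly why the recompile order matters on a whole system.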
Such a system could also be interesting as a hardened Linux variant in
which common buffer overflows and other memory errors turn into a crash
rather than something exploitable. It is slower, but that may be
acceptable. Two caveats: asan was designed as a bug finder rather than
a hardening mechanism, so an out-of-bounds access that jumps past the
redzone around an object is not detected, and the shadow memory it
keeps its bookkeeping in is writable by the program itself. (It should
also be said that right now asan is incompatible with grsecurity, and
people who want a hardened Linux variant probably want grsecurity.)
For now I just wanted to announce that I'm working on this, so people
who care can get in touch with me. I'll probably write a detailed blog
post at some point.
Depending on how much interest there is this may be something Gentoo
wants to consider as an official project and publish official stage
tarballs.
cu, Hanno
--
Hanno Böck
http://hboeck.de/
mail/jabber: [email protected]
GPG: BBB51E42