Re: MIT discovered issue with gcc

2013-11-23 Thread Michael Tautschnig
[...]
> Isn't it interesting that their one example will potentially dereference
> the null pointer even before compiler optimizations (from the paper):
> 
> struct tun_struct *tun=;
> struct sock *sk = tun->sk;
> if (!tun) return POLLERR;
> 
>  The check to see that tun is non-null should occur before use, as in -
> quite frankly it is useless to check after as tun cannot be the null
> pointer (the program hasn't crashed):
> 
[...]

They do say in the paper that the code possibly dereferences a null pointer,
irrespective of optimisation. Thus the code was always broken; it might
just have been missed, because compilers could have considered reordering the
instructions or substituting the expression tun->sk for sk.

Best,
Michael
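The pattern discussed above, as an added illustration that is not from the paper or this thread: the check-after-use version beside the check-before-use version, with toy stand-ins for the kernel's tun_struct and sock (these struct layouts are assumptions, not the real ones).

```c
#include <stddef.h>

/* Toy stand-ins for the kernel structures (assumed layout, not the real one). */
struct sock { int state; };
struct tun_struct { struct sock *sk; };

#define POLLERR 0x0008  /* same value as in <poll.h> on Linux */

/* Check-after-use, the shape of the paper's example. tun->sk is loaded before
 * tun is tested, so a NULL tun already means undefined behaviour at that line;
 * a compiler may therefore assume tun is non-null and delete the check, and
 * the dereference itself is what crashes (or worse) at run time. */
int tun_poll_broken(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;  /* dereference first ... */
    if (!tun)                   /* ... then a check the optimiser may drop */
        return POLLERR;
    return sk->state;
}

/* Check-before-use: no dereference is reachable while tun == NULL, so there
 * is no undefined behaviour for the optimiser to reason from. */
int tun_poll_fixed(struct tun_struct *tun)
{
    if (!tun)
        return POLLERR;
    struct sock *sk = tun->sk;
    return sk->state;
}

int main(void)
{
    struct sock s = { 3 };
    struct tun_struct t = { &s };
    /* Both agree on a valid pointer; only the fixed one survives NULL. */
    return (tun_poll_broken(&t) == 3 && tun_poll_fixed(NULL) == POLLERR) ? 0 : 1;
}
```

Compiling the broken function with optimisation enabled typically shows the `if (!tun)` removed from the generated code, while building with -fsanitize=undefined reports the null dereference at run time instead.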





Re: MIT discovered issue with gcc

2013-11-23 Thread Michael Tautschnig
Hi Andrew, hi all,

> I understand that Debian has a bunch of vulnerabilities as described in
> the following PDF.
> 
> http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf
> 
> Just a small quote:
> 
> "This paper presents the first systematic approach for
> reasoning about and detecting unstable code. We implement
> this approach in a static checker called Stack, and
> use it to show that unstable code is present in a wide
> range of systems software, including the Linux kernel and
> the Postgres database. We estimate that unstable code
> exists in 40% of the 8,575 Debian Wheezy packages that
> contain C/C++ code. We also show that compilers are
> increasingly taking advantage of undefined behavior for
> optimizations, leading to more vulnerabilities related to
> unstable code."

This should be taken with a grain of salt. (I'm doing research in the area of
automated software analysis myself.) It clearly is a well-written paper with a
nice tool. Yet "unstable code" results from code that would otherwise be
considered bogus anyway (they give a nice list in Figure 3 in their paper), thus
it is not necessarily the case that compilers introduce completely new bugs -
they just might make the existing ones worse. The use of the term
"vulnerabilities" could be very misleading here: not all bugs yield security
issues - many of them might just lead to unexpected behaviour, and not be
exploitable to gain elevated privileges or the like.

Consider the fact that Debian's source packages contain more than 200 million
lines of code. If we trust Steve McConnell's "Code Complete" book, industry
average lies at 15-50 errors per 1000 lines of code, which is more than 1 in 100
lines. In a very simplified way of reasoning, I'd dare to conclude that at least
2 million further bugs remain to be discovered.

> 
> This looks very serious indeed, but a quick search of Debian mailing
> lists didn't show anything being acknowledged for this issue should
> Debian users be concerned?
> 

Probably not more than before, but as much as always: you are using code that
hasn't been proved to be correct. But with open-source software at least you know
what code you are using, and which bugs are being found.

Hope this helps,
Michael






Re: Automatic debiian installation

2008-06-07 Thread Michael Tautschnig
[sorry for cross-posting, I guess this thread should move away from
debian-devel, but I'm not subscribed to any of the others]

> Hello,
>
> I would like to use a system to install automatically all my Debian PCs.
> But
> I don't know which could be the best between FAI and PRESEED.
>
> Could somebody explain the difference
>
> the advantage and disadvantage of the two methods...!
>

It depends a lot on your specific needs. If you're fine with setting whatever is
debconf-configurable (be it at install time, using d-i's preseeding options, or
rather at the level of the installed packages), preseeding may be an appropriate
way to go. 

FAI, on the other hand, is a very flexible framework for installing systems.
Debconf preseeding is supported, but just one option out of many. You might want
to run several scripts for fine-tuning your system, copy over config files, etc.
Flexibility comes at the cost of probably slightly higher complexity, but people
tend to get to know it quite easily.

HTH,
Michael


