[Toybox] Kernighan's awk repo

Andy Chu andychup at gmail.com
Fri Jul 22 21:13:15 PDT 2016


> It looks like the asan support boils down to:
>
> NOSTRIP=1 CC=$CLANG_DIR/bin/clang CFLAGS="-fsanitize=address -g" make

It's also better to have some runtime support as well, i.e. set
ASAN_SYMBOLIZER_PATH so it uses debug info to show function names, and
not just hex addresses.  It is easy to confuse build and runtime
options, but I like keeping them separate in the Makefile and test.sh
respectively.  The bwk repo is set up the same way if you want an
example.

Also, the other sanitizers are useful, and coverage is another build
variant (roughly, it adds machine instructions to increment counters
for every line/branch/etc.)

> Sigh, I'm building llvm 3.8.0 here so following the blfs instructions so
> I can reproduce this. (what on earth is clang-analyzer? I take it _that_
> is the static analysis tool I was thinking of?)

You know you can just download the binaries right?  I've heard that
building LLVM/clang takes forever.

>> but that's still a bad idea, and not fixing bad style like that (which
>> you did fix) means you can't use asan to find all the other bugs. that
>> would definitely be throwing the baby out with the bathwater. i think
>> it's an open question how security-critical we should consider the
>> various things implemented by toybox. my personal opinion is toward
>> the "not at all" end of the spectrum,
>
> I want them to be secure. I'm just not convinced these tools help.

They definitely help.  Buffer overflows controlled by user input are
security holes, and these tools are extremely good at finding buffer
overflows (as long as you have test coverage, which you need anyway).
You have user input in wget/tar/compression/crypto/grep/sed/etc.  And
even "find"... if you are a sys admin for hosted users, they can
attack you via filenames and metadata and gain your privileges.

The other sanitizers also catch integer overflow (integer overflow
that HAPPENED, not possible).  I'm pretty sure you had some of those
too, I think in tar or gz.  Integer overflow causes security bugs that
most developers find hard to reason about (whereas most people get
buffer overflows these days.)

Andy


More information about the Toybox mailing list