From: Evgeny Vereshchagin
Date: Fri, 21 Oct 2022 16:33:29 +0300
Subject: Re: Fuzzing elfutils
To: Philippe Antoine
Cc: elfutils-devel@sourceware.org, david korczynski, izzeem@google.com
References: <199C1200-40AC-4AD2-89D4-24E172CBA353@catenacyber.fr>

Hey Philippe,

> I implemented a new sanitizer to detect arbitrary file open.

I think it's an interesting idea. Among other things it seems it can be used to detect path traversal attacks. I'm not sure how exactly it works at this point but if apart from keeping track of the "open" syscall (and its variations) it could detect attempts to write data to random files it would be great.

> I would like to know what you think about this. Is this a bug to you ? Or is it expected ?
> Could this be exploited somehow by an attacker to get secrets such as ~/.ssh/id_rsa ?

I don't think it can be exploited to expose stuff that shouldn't be exposed.

Thanks,
Evgeny Vereshchagin