From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <evverx@gmail.com>
Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e])
	by sourceware.org (Postfix) with ESMTPS id 74B0A3858C53
	for <elfutils-devel@sourceware.org>; Sat, 22 Oct 2022 10:21:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 74B0A3858C53
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-lj1-x22e.google.com with SMTP id bs14so6817114ljb.9
        for <elfutils-devel@sourceware.org>; Sat, 22 Oct 2022 03:21:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=WRcO7ay1uM1W28bzgSzDINHsaekaRBt/PsNfVHijnrE=;
        b=nX/ra7lrmg7nXNIXcp/Sl1zGtelJwLw08+tVXTvgJJ4QCm7DEfDJeY3J4wHGb06sAY
         a89aLrCwF+fKEaYpbuZiWK9rCnlY1qTsSIsTt5rIomeYfP31OHLvNUcEV3rZZNynA6Vm
         3R5tbEBLwwVpM0ipMVad3BcrC9T3ISzs2PF3nLJeIE4XecExwGaJ0+HNlMyQ7wZTdVqn
         +uHkiFXBCXPhrh2L0Cp7tOdHFdzQByYF+j8VA/DF6ZV8nqzQBj3TdgA5/l5XMgp63Spu
         q6UARxRI2PfXpUwJqeMhgsPO4FdzJebFiQBWyjd3HvSa661bPqnG4T7uf8yTWtTGIykX
         VMSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=WRcO7ay1uM1W28bzgSzDINHsaekaRBt/PsNfVHijnrE=;
        b=GRTYHSMAXvf0c3axQZ8ZveuAwwmE6DROqFVaCVkldyxDqBgg2igLbM8UKj8bZ3a6G5
         M/p8auKQ/XxfY2tYbo3wAnSi+ZhW/mLQmSUyiYbkhZk9J/vlo0662Qw5QMiL2CBrV2VB
         BxcC/hy/lkXTBmiNihUO2C5M5z4TyOQjX534yogzeZHMrCMNcqOCHgN+P8Y/QxbEH7S5
         +NmFCs/H/Uxm9j2IAP1ri6osHloZct8xM+NE9NBd3FVKZcfXKQ9rPYRUjhh9b32uemZs
         IXt+/jC/XteMFO5aR9wwzSs5kLdbTzyvCEScJDgtQqyk07zxiLr6MN6+kSXswaRI9JiT
         fMTA==
X-Gm-Message-State: ACrzQf1TAiKZPw5JoDHw2+9aeFLawZJYSzHkmlXbUedgm3p+TulEXLys
	4kgrL1hUwu6NEj4RCPItk4MBF356rMbQN/E6QsY=
X-Google-Smtp-Source: AMsMyM540jc6o2ED3lzw0dDFM8/4T6WWL0xadFKrn7SpBwgq9pvTtOfZayUR/93a9lS9+KNhIYaFOemUYd05B1JgY6g=
X-Received: by 2002:a2e:8719:0:b0:26e:b9:31a9 with SMTP id m25-20020a2e8719000000b0026e00b931a9mr9047575lji.111.1666434110966;
 Sat, 22 Oct 2022 03:21:50 -0700 (PDT)
MIME-Version: 1.0
References: <199C1200-40AC-4AD2-89D4-24E172CBA353@catenacyber.fr>
 <F89D4AE4-496D-4BF1-B7D4-D68B984618D1@catenacyber.fr> <20221021132253.GD24703@redhat.com>
 <CAKKs9ugaOBMSOkkt-iC76Tuzx7dYn=7xnS5rNRZw9+aQsamcSQ@mail.gmail.com> <5321B467-3B16-4E7F-A854-98EC8AD6B2C1@catenacyber.fr>
In-Reply-To: <5321B467-3B16-4E7F-A854-98EC8AD6B2C1@catenacyber.fr>
From: Evgeny Vereshchagin <evverx@gmail.com>
Date: Sat, 22 Oct 2022 13:21:39 +0300
Message-ID: <CAKKs9uj-qoZLWeqJuR1zHTdeXR7Cj+GCiFh1SavTdH+jDpPhiQ@mail.gmail.com>
Subject: Re: Fuzzing elfutils
To: Philippe Antoine <p.antoine@catenacyber.fr>
Cc: "Frank Ch. Eigler" <fche@redhat.com>, elfutils-devel@sourceware.org, 
	david korczynski <david@adalogics.com>, izzeem@google.com
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <elfutils-devel.sourceware.org>

> Could you explain to me why you think it is a false positive ?

As far as I can tell the idea behind that sanitizer is to mostly flag
suspicious attempts to pass file names that
haven't been sanitized in any away and I agree that in some cases
depending on what happens after those files
are opened it can lead to various issues (and for that reason there
are a lot of static analyzers for example complaining
about "tainted" strings, uncontrolled spheres and stuff like that). In
this particular case files go through __libdw_open_file
and their build ids are checked (which makes it kind of hard to read
passwords, tokens and so on and then expose them).

Thanks,
Evgeny Vereshchagin