From: Philippe Antoine <p.antoine@catenacyber.fr>
To: elfutils-devel@sourceware.org
Cc: david korczynski <david@adalogics.com>,
evverx@gmail.com, izzeem@google.com
Subject: Re: Fuzzing elfutils
Date: Fri, 21 Oct 2022 14:58:52 +0200 [thread overview]
Message-ID: <F89D4AE4-496D-4BF1-B7D4-D68B984618D1@catenacyber.fr> (raw)
In-Reply-To: <199C1200-40AC-4AD2-89D4-24E172CBA353@catenacyber.fr>
[-- Attachment #1: Type: text/plain, Size: 634 bytes --]
Friendly ping on this ?
> Le 22 sept. 2022 à 09:05, Philippe Antoine <p.antoine@catenacyber.fr> a écrit :
>
> Hello fuzzers,
>
> I am Philippe Antoine, working on oss-fuzz.
>
> I implemented a new sanitizer to detect arbitrary file open.
> One of these was discovered in elfutils with target libFuzzer_elfutils_fuzz-dwfl-core
> Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
>
> I would like to know what you think about this. Is this a bug to you ? Or is it expected ?
> Could this be exploited somehow by an attacker to get secrets such as ~/.ssh/id_rsa ?
>
> Cheers,
> Philippe
>
next parent reply other threads:[~2022-10-21 12:58 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <199C1200-40AC-4AD2-89D4-24E172CBA353@catenacyber.fr>
2022-10-21 12:58 ` Philippe Antoine [this message]
2022-10-21 13:22 ` Frank Ch. Eigler
2022-10-21 19:57 ` Evgeny Vereshchagin
2022-10-22 9:27 ` Philippe Antoine
2022-10-22 10:21 ` Evgeny Vereshchagin
2022-10-21 13:33 ` Evgeny Vereshchagin
2014-12-31 11:03 Mark Wielaard
-- strict thread matches above, loose matches on Subject: below --
2014-12-29 3:16 Alexander Cherepanov
2014-12-23 11:42 Mark Wielaard
2014-12-21 22:20 Alexander Cherepanov
2014-12-19 0:13 Mark Wielaard
2014-12-18 18:15 Alexander Cherepanov
2014-12-12 12:08 Mark Wielaard
2014-12-08 9:14 Mark Wielaard
2014-12-08 8:52 Mark Wielaard
2014-12-08 3:06 Alexander Cherepanov
2014-12-08 1:01 Alexander Cherepanov
2014-12-05 8:58 Mark Wielaard
2014-12-04 23:10 Alexander Cherepanov
2014-12-04 16:03 Mark Wielaard
2014-12-04 14:27 Mark Wielaard
2014-12-03 15:16 Alexander Cherepanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F89D4AE4-496D-4BF1-B7D4-D68B984618D1@catenacyber.fr \
--to=p.antoine@catenacyber.fr \
--cc=david@adalogics.com \
--cc=elfutils-devel@sourceware.org \
--cc=evverx@gmail.com \
--cc=izzeem@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).