From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from sonic312-21.consmr.mail.bf2.yahoo.com (sonic312-21.consmr.mail.bf2.yahoo.com [74.6.128.83]) by sourceware.org (Postfix) with ESMTPS id AD9313951878 for ; Wed, 14 Apr 2021 18:37:40 +0000 (GMT)
Date: Wed, 14 Apr 2021 18:37:38 +0000 (UTC)
From: Jason Long
To: Paul Koning
Cc: Eli Zaretskii via Gdb
Message-ID: <380743744.1194751.1618425458396@mail.yahoo.com>
In-Reply-To: <6D6283C4-4860-48E3-B01F-B6C7687A300D@comcast.net>
References: <581661034.1177110.1618422536149.ref@mail.yahoo.com> <581661034.1177110.1618422536149@mail.yahoo.com> <6D6283C4-4860-48E3-B01F-B6C7687A300D@comcast.net>
Subject: Re: Is GDB just for bug hunting?
List-Id: Gdb mailing list

Thank you for your useful info.
If a program is closed source, then code review is canceled. Thus, how does a security researcher find a vulnerability in a program?

On Wednesday, April 14, 2021, 10:32:58 PM GMT+4:30, Paul Koning wrote:

I'll give some comments from the point of view of a user of gdb.

    paul

> On Apr 14, 2021, at 1:48 PM, Jason Long via Gdb wrote:
>
> Hello,
> I have some questions and I'm thankful if someone answers them clearly:
>
> 1- I want to know, is GDB just useful for bug hunting or can a security researcher use it to find vulnerabilities too?
>
> 2- Is bug vs vulnerability? Consider someone that finds an exploit in a program. He/she found a bug or Vulnerability? He/she used a debugger to find that or any special tool?

A bug is any unintended behavior of a program, and more specifically an unintended behavior that has "bad" consequences.  So a vulnerability is a bug -- obviously by the first definition and almost certainly by the second as well.  But a lot of bugs are not vulnerabilities in the sense that the word is typically used.

I don't know what tools are specific to vulnerability search.  GDB does several things.  It lets you examine and modify a running process, and control the execution of a process (via breakpoints or stepping or the like) to find defects and especially to identify the exact cause of a previously observed defect.

It seems to me that finding a vulnerability (exploit) is more like discovering a bug (learning of its existence) in the first place.  That's more likely to involve test tools or code reviews rather than GDB sessions.  Once a vulnerability (bug) has been recognized, the debugger can help understand the precise mechanism that caused it to exist, and suggest a solution.

I suppose another thing a GDB session could do is show sensitive data exposure; if a program handles sensitive data and allows that to exist in memory longer than strictly necessary, that's a risk and examining memory with GDB may be an easy way to spot such mistakes.  That would show potential risks like missing zeroization, though it would not necessarily tell you whether that's merely sloppy code or an actual weakness.

> 3- A debugger could be a Vulnerability researcher or vice versa?

I think mostly not.  While there's an overlap in tools and in what you look for, it seems to me the mindsets of the two are rather different.  As an analogy, there's some overlap between cryptographers and programmers, but very few programmers are cryptographers.

    paul
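
Added example (not part of the e-mail thread and not code from any poster or from GDB): the missing-zeroization risk described in the reply above, sketched in C. The arena, the function names and the sample secret are constructed for illustration; the arena stands in for process memory that a debugger's memory search would inspect.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample secret; stands in for a password or key. */
static const char SAMPLE_SECRET[] = "hunter2-constructed-sample";

/* Fixed arena standing in for process memory, so that inspecting it after
   use is well defined (reading real freed heap memory is not). */
static unsigned char arena[64];

/* Wipe through a volatile pointer so the compiler cannot drop the stores
   as dead writes, which it may do with a plain memset before release. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical consumer of the secret: a trivial checksum. */
static unsigned use_secret(const unsigned char *s, size_t n) {
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++) sum = sum * 31u + s[i];
    return sum;
}

/* Handle the secret in the arena; wipe before returning only if asked. */
unsigned handle_secret(int wipe) {
    size_t n = sizeof SAMPLE_SECRET - 1;
    memcpy(arena, SAMPLE_SECRET, n);
    unsigned r = use_secret(arena, n);
    if (wipe) secure_wipe(arena, sizeof arena);
    return r;
}

/* The question a memory search in a debugger session answers: is the
   secret still present anywhere in the region? Returns 1 if found. */
int secret_resident(void) {
    size_t n = sizeof SAMPLE_SECRET - 1;
    for (size_t i = 0; i + n <= sizeof arena; i++)
        if (memcmp(arena + i, SAMPLE_SECRET, n) == 0) return 1;
    return 0;
}

int main(void) {
    handle_secret(0);
    int leaked = secret_resident();   /* no wipe: secret still in memory */
    handle_secret(1);
    return (leaked && !secret_resident()) ? 0 : 1;
}
```

Both paths return the same result to the caller, which is why the difference only shows up when memory is examined afterwards.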