From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id D352B3858D32 for ; Sun, 24 Sep 2023 13:23:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D352B3858D32 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1695561790; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hHUlPyDXbj88+Dwga34v80IpVI2tMcMaxdw0GP+Mz3M=; b=GlVsBbEM18TRJ0ls92Zyg60TGSNMM7qDXNlYaXH4OV9gfQVn6AT++EaUrNRSOX9LvGO4L+ lx7KmaHLgB/+3NAVfDpeUke3iRwzNRK8NecHnXx+Nak2QgrldXgTwdzuoI92wyM/IvbzHZ yZbFv2VbUJkw5AolbxAxmpiM4rNzNaA= Received: from mail-qv1-f69.google.com (mail-qv1-f69.google.com [209.85.219.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-255-8LdaAexxMQmZnRliBXGYEQ-1; Sun, 24 Sep 2023 09:23:06 -0400 X-MC-Unique: 8LdaAexxMQmZnRliBXGYEQ-1 Received: by mail-qv1-f69.google.com with SMTP id 6a1803df08f44-65af3fd7a55so28920116d6.2 for ; Sun, 24 Sep 2023 06:23:06 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695561786; x=1696166586; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hHUlPyDXbj88+Dwga34v80IpVI2tMcMaxdw0GP+Mz3M=; b=PWYFnZOkJUfj0gkU58rHSJshAjjg86/16inKAXjhp5b5fQ5hoQeU4P5u+B1ZW9FKsQ bvrX9LxSqxEDAu/y4+d3J15Nyr14npcNHhISaiyFWVOeq49VqY2eqQ5O2vrTZhuCHh1x RlaUJtQenB0Pl1b0IpHoZnIV4gcRAB5FTG1xw17cMdZJf3k9ZZvc6TdZFZYt5js0i4Mj FwmCH5qEZAQT/jXQqUZVMIDhlyMujpWIkkBnV9K1rGmdxLcVknKTxQGPBBNiL6I6hRln mYBtsDkfS4Eeb/p/QdQLnYtF4VGu5cE8CON1SDM0sMoP7KjIwaSql4dNrs/7clKnggRW 7Sxw== X-Gm-Message-State: AOJu0YxO/SItJWYsWVn90hW4cruxhwhSTQjIJRYvkftyx82txKxSqz9V B/7Pi1ujnOYhl3yxzduh0qESKcwJZtgG+X8XLpo1gw0sYPdS0d+ZQNMcrI2xz/iCukvpxjZddDl nxIa+KfefvpuTEdGeSDk1UQ== X-Received: by 2002:a0c:aa07:0:b0:656:3046:28ab with SMTP id d7-20020a0caa07000000b00656304628abmr2858448qvb.45.1695561786058; Sun, 24 Sep 2023 06:23:06 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF3QNgVBEzo1s3f2oPOZjtYiwwy2O1JhCbxUQiEHjfHUJK4krnttxo0GDpGXs0IOnquElfAaw== X-Received: by 2002:a0c:aa07:0:b0:656:3046:28ab with SMTP id d7-20020a0caa07000000b00656304628abmr2858441qvb.45.1695561785720; Sun, 24 Sep 2023 06:23:05 -0700 (PDT) Received: from [10.228.5.150] ([195.89.33.213]) by smtp.gmail.com with ESMTPSA id y18-20020a0ce052000000b0064f4e0b2089sm3251599qvk.33.2023.09.24.06.23.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 24 Sep 2023 06:23:05 -0700 (PDT) Message-ID: <4e6bdb93-4671-9ee6-5a89-b9ffba797cff@redhat.com> Date: Sun, 24 Sep 2023 15:23:03 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: Debugging vs Reverse Engineering To: Jason Long , SCOTT FIELDS via Gdb References: <2065504698.3252109.1695560949235.ref@mail.yahoo.com> <2065504698.3252109.1695560949235@mail.yahoo.com> From: Guinevere Larsen In-Reply-To: <2065504698.3252109.1695560949235@mail.yahoo.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 24/09/2023 15:09, Jason Long via Gdb wrote: > Hello folks,I have two questions: Hello, thanks for the questions! > 1- Can a debugger like GDB be used to find the vulnerability? Yes, you could use GDB to find some security vulnerabilities, though it is hardly the best tool for this job. The kind of stuff you'd find with GDB is a logic mistake that leads to information leaks or similar. In my experience, though, GDB is more useful to look at one unexpected behavior and figure out if that leads to a security vulnerability or not, rather than going form scratch and giving the program unexpected or malicious inputs. > > 2- When a hacker finds a vulnerability in a program, has that hacker used debugging techniques or reverse engineering? Reverse engineering doesn't necessarily have to do with security. Reverse engineering is the act of getting something that is not understood and trying to understand it without having access to any kind of documentation. I don't recommend running unknown binaries in your machine, since GDB doesn't provide any security, but if you are doing that, stepping slowly and trying to understand how the program works, you are doing reverse engineering. It doesn't have to relate at all to security. With that in mind, the answer to your question is "it depends". The stuff you can find with GDB alone will always involve debugging techinques, but with regards to reverse engineering techniques, the question is does the vulnerability come in from the fact that the attacker knows the internal mechanisms for the program or not? If it does, then yes you could say you found a vulnerability by reverse engineering. > Any idea welcomed. > > Thank you. > I hope this helps! -- Cheers, Guinevere Larsen She/Her/Hers