From: Joel Sherrill
Reply-To: joel@rtems.org
Date: Wed, 14 Apr 2021 14:05:34 -0500
Subject: Re: Is GDB just for bug hunting?
To: Paul Koning
Cc: Jason Long, Eli Zaretskii via Gdb
List-Id: Gdb mailing list (gdb@sourceware.org)

On Wed, Apr 14, 2021, 1:48 PM Paul Koning via Gdb wrote:

> > On Apr 14, 2021, at 2:37 PM, Jason Long wrote:
> >
> > Thank you for your useful info.
> > If a program is closed source, then code review is canceled. Thus, how does a security researcher find a vulnerability in a program?
>
> Agreed, code review only applies if the source is visible. More precisely, if the source is allowed to be disclosed; researchers looking at the code while under NDA does not count and serves no significant purpose.
>
> In those cases, you're left with test stimuli and reverse engineering. For "never seen before" defects, you either need luck (an existing test happens to catch it) or a different kind of luck (you created a new test that happens to catch it) or lots of skill (you saw the issue during a reverse engineering session).
>
> GDB can help with reverse engineering. It's probably not ideal for disassembly, let alone decompiling, but it does offer disassembly and it also gives you insight into the state of the running application and how it changes during execution.

If you have source, you can use a trick I like. You can look at constant data in a nice format even for cross-compiled programs without attaching to a target. Sometimes this is a good way to make sure your data structures are right without really debugging.

I suppose with the Python scripting you could do a lot if you knew the source. I've always wanted some scripting to analyse the state of an RTEMS system via gdb to find priority inversions, etc. You could potentially do some really powerful introspection.

But without application source, things become harder.

--joel

> paul
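Joel's trick of reading constant data straight out of the binary, shown as an added example that is not part of this thread: gdb is pointed at the ELF file alone, with no `run` or `target` command, and prints a read-only table with its layout. The sample source, the `uart_config` table and the helper names are constructed for illustration; `$CC` and `$GDB` are assumed to name a host toolchain here (for a cross-compiled image you would point `GDB` at the cross toolchain's gdb and skip the build step).

```shell
#!/bin/sh
# Added example (not from the thread): read constant data out of an ELF with
# gdb, without running it or attaching to a target.
# Assumptions: $CC and $GDB name a host toolchain here; for a cross-compiled
# image, point GDB at the cross toolchain's gdb and skip build_sample.
CC="${CC:-cc}"
GDB="${GDB:-gdb}"

# Constructed sample: a read-only configuration table of the kind a firmware
# image carries. main() is only there so the file links; it is never run.
write_sample() {
    cat > "$1" <<'EOF'
struct uart_config { char name[16]; unsigned int baud; unsigned char parity; };
const struct uart_config config_table[] = {
    { "console", 115200, 0 },
    { "debug",     9600, 1 },
};
int main(void) { return 0; }
EOF
}

# Build with DWARF info (-g) so gdb knows the struct layout; no optimisation
# so nothing is folded away.
build_sample() {
    write_sample "$1.c" && "$CC" -g -O0 "$1.c" -o "$1"
}

# Query the file directly: -batch runs the commands and exits, -nx skips
# .gdbinit so the output is reproducible. No process is ever started.
inspect_table() {
    "$GDB" -nx -q -batch \
        -ex 'set print pretty on' \
        -ex 'ptype struct uart_config' \
        -ex 'print sizeof(struct uart_config)' \
        -ex 'print config_table' \
        "$1"
}

# Build and inspect in a scratch directory; echoes gdb's output and returns
# its exit status so a caller can check both.
inspect_sample() {
    dir=$(mktemp -d) || return 1
    build_sample "$dir/sample" && inspect_table "$dir/sample"
    status=$?
    rm -rf "$dir"
    return $status
}

inspect_sample
```

The same `-batch -ex 'print ...'` form works on a cross-compiled ELF when `GDB` is the cross toolchain's gdb, which is what makes it useful for checking a data structure before any board is involved.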