Rietveld Code Review Tool

Issue 622002: Add rudimentary Linux exploitability analysis

Created: 7 years, 11 months ago by mattdr
Modified: 7 years, 10 months ago
Reviewers: Cris Neckar
CC: mattdr
Base URL: http://google-breakpad.googlecode.com/svn/trunk/
Visibility: Public.

Description

This change adds very simple exploitability analysis for Linux binaries. The
only signals currently considered are whether the process exited because a stack
overflow or buffer overflow was detected.

Add exploitability tests for stack smash and stack overflow crashes on Linux.

Rename EXPLOITABLITY_MEDIUM [sic, note the missing 'I'] to
EXPLOITABILITY_MEDIUM. Keep the former as an alias for the latter for
compatibility.

Remove some unused code from the exploitability tests and refactor the rest to
be shorter and easier to read.

Patch Set 1 #

Patch Set 2 : a few more tweaks to formatting in process_state.h #

Patch Set 3 : forgot a symbol file #

Patch Set 4 : comments, style changes #

Total comments: 1
Makefile.am: 6 chunks, +7 lines, -0 lines, 0 comments
Makefile.in: 16 chunks, +20 lines, -0 lines, 0 comments
configure: 154 chunks, +305 lines, -257 lines, 0 comments
src/google_breakpad/processor/process_state.h: 1 chunk, +28 lines, -26 lines, 0 comments
src/processor/exploitability.cc: 2 chunks, +6 lines, -3 lines, 0 comments
src/processor/exploitability_linux.cc: 1 chunk, +84 lines, -0 lines, 1 comment
src/processor/exploitability_linux.h: 1 chunk, +55 lines, -0 lines, 0 comments
src/processor/exploitability_unittest.cc: 1 chunk, +44 lines, -176 lines, 0 comments
src/processor/testdata/linux_overflow.dmp: 0 chunks, +-1 lines, --1 lines, 0 comments
src/processor/testdata/linux_stacksmash.dmp: 0 chunks, +-1 lines, --1 lines, 0 comments
src/processor/testdata/symbols/ld-2.13.so/C32AD7E235EA6112E02A5B9D6219C4850/ld-2.13.so.sym: 1 chunk, +782 lines, -0 lines, 0 comments
src/processor/testdata/symbols/libc-2.13.so/F4F8DFCD5A5FB5A7CE64717E9E6AE3890/libc-2.13.so.sym: 1 chunk, +13458 lines, -0 lines, 0 comments
src/processor/testdata/symbols/libgcc_s.so.1/18B180F90887D8F8B5C35D185444AF4C0/libgcc_s.so.1.sym: 1 chunk, +897 lines, -0 lines, 0 comments
src/processor/testdata/symbols/overflow/B0E1FC01EF48E39CAF5C881D2DF0C3840/overflow.sym: 1 chunk, +6709 lines, -0 lines, 0 comments

Messages

Total messages: 7
mattdr
7 years, 10 months ago #1
mattdr
7 years, 10 months ago #2
mattdr
Hi folks. Could someone take a look at this review? Thanks.
7 years, 10 months ago #3
mattdr
Ping. On Thu, Sep 12, 2013 at 3:38 PM, <mattdr@google.com> wrote: > Hi folks. Could ...
7 years, 10 months ago #4
Lei Zhang (chromium)
7 years, 10 months ago #5
Cris Neckar
I'm looking now. Sorry I almost never look at the breakpad codereview site :)
7 years, 10 months ago #6
Cris Neckar
7 years, 10 months ago #7
LGTM with nit

https://breakpad.appspot.com/622002/diff/10001/src/processor/exploitability_l...
File src/processor/exploitability_linux.cc (right):

https://breakpad.appspot.com/622002/diff/10001/src/processor/exploitability_l...
src/processor/exploitability_linux.cc:73: return EXPLOITABILITY_MEDIUM;
I might even argue for High here as these both seem like pretty clearly bad
scenarios. I was mostly using medium for things that were bad in the wrong
context but where context couldn't reliably be determined. In both of these
cases the crash seems like it would be very likely to be user controllable.
