Re: Fuzzing elfutils

2022-10-21 Thread Philippe Antoine
Friendly ping on this? > On 22 Sept. 2022 at 09:05, Philippe Antoine wrote: > > Hello fuzzers, > > I am Philippe Antoine, working on oss-fuzz. > > I implemented a new sanitizer to detect arbitrary file open. > One of these was discovered in elfutils with target > libFuzzer_elfutils_fuzz

Re: Fuzzing elfutils

2022-10-21 Thread Frank Ch. Eigler via Elfutils-devel
Hi - > > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils This is inaccessible without logins. > > I would like to know what you think about this. Is this a bug to > > you ? Or is it expected ? [...] Crashes on crafted inputs are generally bugs. Security implications are u

Re: Fuzzing elfutils

2022-10-21 Thread Evgeny Vereshchagin via Elfutils-devel
Hey Philippe, > I implemented a new sanitizer to detect arbitrary file open. I think it's an interesting idea. Among other things it seems it can be used to detect path traversal attacks. I'm not sure how exactly it works at this point but if apart from keeping track of the "open" syscall (and it

[Bug debuginfod/29714] New: debuginfod rely on gcc being configured with --enable-linker-build-i

2022-10-21 Thread mliska at suse dot cz via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=29714 Bug ID: 29714 Summary: debuginfod rely on gcc being configured with --enable-linker-build-i Product: elfutils Version: unspecified Status: NEW Severity: norm

Re: [PATCH 1/7] Rename 'hello2.spec.' -> 'hello2.spec' 'hello3.spec.' -> 'hello3.spec'

2022-10-21 Thread Frank Ch. Eigler via Elfutils-devel
Hi - > C:\work\xemu\elfutils>git reset --hard > 4cc429d2761846967678fb8cf5868d311d1f7862 > error: invalid path 'tests/debuginfod-rpms/hello2.spec.' > fatal: Could not reset index file to revision > '4cc429d2761846967678fb8cf5868d311d1f7862'. Sounds like a git-induced problem. Maybe try a differe

[Bug debuginfod/29714] debuginfod rely on gcc being configured with --enable-linker-build-i

2022-10-21 Thread mark at klomp dot org via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=29714 Mark Wielaard changed: What|Removed |Added CC||mark at klomp dot org --- Comment #1

[Bug debuginfod/29714] debuginfod rely on gcc being configured with --enable-linker-build-i

2022-10-21 Thread mliska at suse dot cz via Elfutils-devel
https://sourceware.org/bugzilla/show_bug.cgi?id=29714 Martin Liska changed: What|Removed |Added Status|NEW |RESOLVED Resolution|---

Re: Fuzzing elfutils

2022-10-21 Thread Evgeny Vereshchagin via Elfutils-devel
> > > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils > > This is inaccessible without logins. To judge from https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan#arbitrary-file-open that new experimental fuzzer isn't documented yet but as far as I can t

[PATCH] debuginfod: Support queries for ELF/DWARF sections

2022-10-21 Thread Aaron Merey via Elfutils-devel
I'm resending this patch with a small modification. I added a new field "progressfn_cancel" to debuginfod_client that indicates whether the most recent query was cancelled due to progressfn returning 1. If a server doesn't support section queries and the client begins downloading a debuginfo or e