Brussels / 30 & 31 January 2016


Can we run C code and be safe?

A Linux system protected with Address Sanitizer

The talk will present a Linux system completely built with Address Sanitizer. Address Sanitizer is a protection mechanism in the gcc and clang compilers that detects and prevents various memory corruption bugs.

Common C coding bugs like buffer overflows, use after free errors and other errors accessing invalid memory are still amongst the most prevalent security issues in today’s software. Modern operating systems have mitigations like ASLR and Stack Canaries, but they can often be circumvented. The gcc and clang compilers come with a feature called Address Sanitizer (short: ASAN). It detects memory access bugs at runtime and stops the program execution. Compared to other previous solutions Address Sanitizer is relatively fast, although it still causes a significant performance hit. It can usually be used with real world software without any modifications. Address Sanitizer is primarily designed as a debugging tool and as such it has been remarkably successful. The speaker has used ASAN in combination with fuzzing to successfully uncover a large number of bugs. But Address Sanitizer could also be used in production. Recently the Tor project started publishing nightly builds of its browser bundle protected with Address Sanitizer. The speaker will present a fully working Linux system (based on Gentoo) with everything except a few core parts compiled with Address Sanitizer. Just trying to do that already uncovered several memory access bugs in core packages like bash and coreutils.


Hanno Böck