1 / 27

Debugging Debian

Debugging Debian. Raul Gonzalez Jenna Kallaher Costas Akrivoulis. (Proposed) Toolbox. Static Analysis Clang CPPCheck Splint Coverity Dynamic Analysis Zzuf Sulley Peach. Tools for Fools. Sulley - Install/Config Problems "Linux, you can figure it out"

moral
Télécharger la présentation

Debugging Debian

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Debugging Debian Raul Gonzalez Jenna Kallaher Costas Akrivoulis

  2. (Proposed) Toolbox Static Analysis • Clang • CPPCheck • Splint • Coverity Dynamic Analysis • Zzuf • Sulley • Peach

  3. Tools for Fools Sulley - Install/Config Problems • "Linux, you can figure it out" Peach - Requires fair bit of setup • Needs XML describing how to fuzz / invoke programs Coverity - Learning Curve...

  4. (Real) Toolbox Static Analysis • Clang • CPPCheck • Splint Dynamic Analysis • Zzuf

  5. Zzuf Requires program with input • Files preferable • Can't test libraries independently • Hard to find targets in default Debian Mplayer, Openoffice, FFMpeg, Iceweasel, Totem

  6. Static Process Source Code Raw Findings Filtered Findings Confirmed Bugs Vulnerable Bugs

  7. CPPCheck Easiest to use - point and shoot Null Pointer Dereferences Array out of bounds accesses Uninitialized Variables

  8. Clang Static Analyzer Requires project source code • project must be written in C/C++ Detailed issue report • file + line, conclusion, and argument Can check any appropriate Debian package

  9. Format String … ?

  10. Kernel - slabinfo.c

  11. Kernel - slabinfo.c

  12. Kernel - slabinfo.c

  13. Kernel - slabinfo.c

  14. Kernel - slabinfo.c

  15. Kernel - slabinfo.c

  16. Findings • Thousands of findings from Clang, cppcheck, splint • Hundreds of confirmed false positives • Hundreds of instances of undefined or risky behavior • 31 Confirmed bugs [libavcodec/ffv1.c:781]: (error) Array index -1 is out of bounds [libavcodec/ffv1.c:781]: sample[i][-1] = sample[0][0]

  17. Bugs Found by Tool

  18. Findings • Enough data generated by the tools • Remainder of our time focused on manual inspection of findings • Interesting errors remain • buffer overflow errors in linux-base • sprintf usage errors from libupnp

  19. Libupnp- upnptools.

  20. Questions?

  21. END

  22. References • https://www.owasp.org/index.php/Fuzzing • Software Model Checking Extracting Verification Models from Source Code • The Concept of Dynamic Analysis (Thomas Ball) • http://blogs.msdn.com/b/michael_howard/archive/2006/01/26/517975.aspx • http://blogs.msdn.com/b/michael_howard/archive/2006/05/19/602077.aspx • Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software

More Related