Subject: Re: Is GDB just for bug hunting?
From: Paul Koning via Gdb
Reply-To: Paul Koning
To: Jason Long
Cc: Eli Zaretskii via Gdb
Date: Wed, 14 Apr 2021 14:48:21 -0400
List-Id: Gdb mailing list

> On Apr 14, 2021, at 2:37 PM, Jason Long wrote:
>
> Thank you for your useful info.
> If a program is closed source, then code review is canceled. Thus, how does a security researcher find a vulnerability in a program?

Agreed, code review only applies if the source is visible. More precisely, if the source is allowed to be disclosed; researchers looking at the code while under NDA does not count and serves no significant purpose.

In those cases, you're left with test stimuli and reverse engineering. For "never seen before" defects, you either need luck (an existing test happens to catch it) or a different kind of luck (you created a new test that happens to catch it) or lots of skill (you saw the issue during a reverse engineering session).

GDB can help with reverse engineering. It's probably not ideal for disassembly, let alone decompiling, but it does offer disassembly and it also gives you insight into the state of the running application and how it changes during execution.

	paul