From: Joel Sherrill
Date: Wed, 14 Apr 2021 14:05:34 -0500
Subject: Re: Is GDB just for bug hunting?
To: Paul Koning
Cc: Eli Zaretskii via Gdb
Reply-To: joel@rtems.org
List-Id: Gdb mailing list
In-Reply-To: <40861674-D931-44C6-A4CE-50DC6516DEDF@comcast.net>
References: <581661034.1177110.1618422536149.ref@mail.yahoo.com> <581661034.1177110.1618422536149@mail.yahoo.com> <6D6283C4-4860-48E3-B01F-B6C7687A300D@comcast.net> <380743744.1194751.1618425458396@mail.yahoo.com> <40861674-D931-44C6-A4CE-50DC6516DEDF@comcast.net>
Content-Type: text/plain; charset="UTF-8"

On Wed, Apr 14, 2021, 1:48 PM Paul Koning via Gdb wrote:

> > On Apr 14, 2021, at 2:37 PM, Jason Long wrote:
> >
> > Thank you for your useful info.
> > If a program is closed source, then code review is cancelled. Thus, how does a
> > security researcher find a vulnerability in a program?
>
> Agreed, code review only applies if the source is visible. More
> precisely, if the source is allowed to be disclosed; researchers looking at
> the code while under NDA does not count and serves no significant purpose.
>
> In those cases, you're left with test stimuli and reverse engineering. For
> "never seen before" defects, you either need luck (an existing test happens
> to catch it) or a different kind of luck (you created a new test that
> happens to catch it) or lots of skill (you saw the issue during a reverse
> engineering session).
>
> GDB can help with reverse engineering. It's probably not ideal for
> disassembly let alone decompiling, but it does offer disassembly and it
> also gives you insight into the state of the running application and how it
> changes during execution.

If you have source, you can use a trick I like. You can look at constant data in a nice format even for cross-compiled programs without attaching to a target. Sometimes this is a good way to make sure your data structures are right without really debugging.

I suppose with the Python scripting you could do a lot if you knew the source. I've always wanted some scripting to analyse the state of an RTEMS system via gdb to find priority inversions, etc. You could potentially do some really powerful introspection.

But without application source, things become harder.

--joel

> paul
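The offline trick Joel describes, written out as a GDB command file. This is an added example, not code from the thread or from RTEMS: it assumes a cross-compiled `firmware.elf` built with `-g` that defines `static const struct cfg_entry cfg_table[]` with a `priority` field (all of those names are hypothetical). No `target remote` or `run` is issued, so GDB answers every query from the ELF's sections and DWARF alone; the final `python` block shows the kind of invariant check over static data that the same approach allows.

```gdb
# Added example: inspect constant data from a cross-compiled ELF without a target.
# Assumes firmware.elf (built with -g) defines cfg_table and struct cfg_entry;
# these names are hypothetical.
file firmware.elf
set print pretty on
set print array on

# Layout checks: the type, its size, and the element count all come from DWARF.
ptype struct cfg_entry
print sizeof(struct cfg_entry)
print sizeof(cfg_table) / sizeof(cfg_table[0])

# The table's contents are read from .rodata/.data in the file, not from memory
# on a board, so no connection to the target is needed.
print cfg_table
print/x cfg_table[0]

# Raw bytes of the first entry, to compare padding and endianness with what the
# target hardware or wire protocol expects.
x/16xb &cfg_table[0]

# GDB's Python API can walk the same static data and flag entries that violate
# an invariant. The field name "priority" and the 1..255 range are assumptions.
python
import gdb
tbl = gdb.parse_and_eval("cfg_table")
low, high = tbl.type.range()
for i in range(low, high + 1):
    entry = tbl[i]
    prio = int(entry["priority"])
    if not 1 <= prio <= 255:
        print("cfg_table[%d]: priority %d out of range" % (i, prio))
end
```

Run it with `gdb -batch -x check_table.gdb` (file name assumed). Because nothing here depends on a live process, the same script works in CI against the build artefact, which makes it a cheap regression check on data-table layout before any debugging session starts.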