develooper Front page | perl.perl5.porters | Postings from June 2013

Mayhem heads up

Thread Next
Reini Urban
June 28, 2013 12:52
Mayhem heads up
Message ID:

Those perl packages are currentty affected:
eperl, perl-byacc, perl5i

This is not really impressive, compared to the number of found asan bugs.

But the mayhem paper at says:
In this paper we present MAYHEM, a new system for automatically ļ¬nding
exploitable bugs in binary (i.e., executable) programs. Every bug
reported by MAYHEM is accompanied by a working shell-spawning exploit.
The working
exploits ensure soundness and that each bug report is security
critical and actionable....

Most found bugs are stack overflows and format strings exploitations.
Looks like a better valgrind/memcheck to me, with the "advantage" to
create reproducers.
Reini Urban

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About