develooper Front page | perl.perl5.porters | Postings from April 2014

Re: Mayhem heads up

Thread Previous | Thread Next
David Steinbrunner
April 29, 2014 12:17
Re: Mayhem heads up
Message ID:
On 6/28/13, 8:52 AM, "Reini Urban" <> wrote:

>Those perl packages are currentty affected:
>eperl, perl-byacc, perl5i
>This is not really impressive, compared to the number of found asan bugs.
>But the mayhem paper at
> says:
>In this paper we present MAYHEM, a new system for automatically ļ¬nding
>exploitable bugs in binary (i.e., executable) programs. Every bug
>reported by MAYHEM is accompanied by a working shell-spawning exploit.
>The working
>exploits ensure soundness and that each bug report is security
>critical and actionable....
>Most found bugs are stack overflows and format strings exploitations.
>Looks like a better valgrind/memcheck to me, with the "advantage" to
>create reproducers.

With all the Coverity action going on it made me think of the MAYHEM
notice above that did not seem to get any attention on p5p beyond the
notice.  Did these issue just get silently taken care of?

David Steinbrunner

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About