develooper Front page | perl.perl5.porters | Postings from April 2014

Re: Mayhem heads up

Thread Previous | Thread Next
Tony Cook
April 29, 2014 12:44
Re: Mayhem heads up
Message ID:
On Tue, Apr 29, 2014 at 08:17:03AM -0400, David Steinbrunner wrote:
> On 6/28/13, 8:52 AM, "Reini Urban" <> wrote:
> >See
> >
> >Those perl packages are currentty affected:
> >eperl, perl-byacc, perl5i
> >See
> >
> >This is not really impressive, compared to the number of found asan bugs.
> >
> >But the mayhem paper at
> > says:
> >In this paper we present MAYHEM, a new system for automatically ļ¬nding
> >exploitable bugs in binary (i.e., executable) programs. Every bug
> >reported by MAYHEM is accompanied by a working shell-spawning exploit.
> >The working
> >exploits ensure soundness and that each bug report is security
> >critical and actionable....
> >
> >Most found bugs are stack overflows and format strings exploitations.
> >Looks like a better valgrind/memcheck to me, with the "advantage" to
> >create reproducers.
> With all the Coverity action going on it made me think of the MAYHEM
> notice above that did not seem to get any attention on p5p beyond the
> notice.  Did these issue just get silently taken care of?

None of the MAYHEM bugs reported are in perl itself, that I could see.


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About