AddressSanitizer

From Gentoo Wiki
Jump to: navigation, search

Address Sanitizer or Asan is a compiler feature in gcc and clang that is able to detect several memory access errors. It thereby adds a certain level of memory safety to C/C++ code. Address Sanitizer is enabled with the compiler flag -fsanitize=address.It is possible to compile a Gentoo system with Address Sanitizer.

Warning
Using Gentoo with Address Sanitizer is highly experimental. You will almost certainly face problems. If you want to try this you should be willing to play around with things and help fixing bugs. You probably don't want to use this for any production systems right now. It also introduces security risks like local root exploits and is not suitable for production use.

Why use AddressSanitizer?

Address Sanitizer is a very powerful feature. However until now it has mostly been used as a debugging tool and to test single applications. Using Address Sanitizer for a whole system could be an attractive project for people wanting a system with very high security guarantees. Also just trying to do this will automatically uncover many bugs in upstream applications. Thereby this project helps improving the general quality of the upstream software Gentoo uses.

Disadvantages and limitations

Address Sanitizer has significant performance and memory costs. Expect a system that is 50-100 % slower and needs a lot of RAM.

It is also currently incompatible with some other security measurements (most notably Grsecurity) and with many other debugging tools (e. g. Valgrind).

It is not possible to use an application that is not using Address Sanitizer with a library that has been compiled with Address Sanitizer. Therefore it is often not possible to exclude single applications from the Address Sanitizer usage - you also have to avoid using Address Sanitizer for all dependencies.

Currently Gentoo with Address Sanitizer has only been tested on amd64.

Asantoo stage tarball

The easiest way to test Gentoo with Address Sanitizer is using a prepared asantoo stage 3 tarball. With this tarball you can start a normal Gentoo installation.

If you don't trust a tarball downloaded from a random Gentoo developer's webspace you can also use this script to turn a normal stage 3 tarball into a stage 3 with Address Sanitizer enabled.

Differences between the "normal" Gentoo stage 3 tarball and the asantoo tarball:

  • It includes the asantoo overlay. The overlay contains several packages with fixes or workarounds needed to let them compile with Address Sanitizer
  • It has git installed (this is just to sync the overlay).
  • Python default has been set to Python 3 (there are problems when trying to use portage with Python 2 to compile Python itself).
  • Address Sanitizer CFLAGS/CXXFLAGS/LDFLAGS have been added to make.conf.
  • Some core packages (gcc, glibc, their dependencies and some other problematic packages) have been excluded from the compilation with Address Sanitizer through package.env.
  • Some quirks workaround existing problems, these include a portage hook that fixes libtool scripts and a workaround for pthread detection for some packages.
  • An env file causes Address Sanitizer errors to be logged to /var/log/asan.

Booting

The easiest way to play around with this is to just use it in a chroot environment. Booting such a system poses some challenges.

Address Sanitizer only works if /proc is mounted. However as you will compile everything with Address Sanitizer the init system can't work that way. You will need an initramfs. This can be created with genkernel, however please note that you need to create the initramfs on a normal Gentoo system.

If you have trouble getting a boot manager to run you may want to try grub-static.

Bugs

You will almost certainly run into various compilation and runtime issues with many software packages. Some common issues are described on the Problems page.