

    When you use llvm as your compiler toolchain, you can do really cool things like this. :)

    I’ve done something similar in a feature branch of HardenedBSD. I haven’t spent much time on it, though. ASAN found a potential heap buffer overflow in llvm-ar, which we use as the default ar/ranlib.

    Gotta be careful, though, to never use ASAN (and any other sanitizer that exhibits the same behaviors as ASAN) in production on suid binaries. Doing so opens up interesting attack vectors.

    I’ve also noticed that ASAN doesn’t like how aggressively HardenedBSD randomizes the stack. On amd64 and arm64, we’re able to introduce 42 bits of entropy into the stack. I either have to disable ASLR or greatly decrease the entropy introduced into ASLR delta generation.
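The suid warning above is the one a practitioner will want to act on, because the sanitizer runtime reads its configuration (ASAN_OPTIONS, including options such as log_path that name an output file) from the caller's environment, which is exactly what an unprivileged user controls when invoking a setuid program. The following POSIX shell check is an added example, not code from the thread or from HardenedBSD: it walks a tree for setuid/setgid files and flags any that appear to carry the ASAN runtime. It assumes only `find` and `grep`, and it matches on the `__asan_init` symbol name, which is present in the dynamic string table of a dynamically linked sanitized binary and in the symbol table of an unstripped static one; a stripped static build would need `ldd`/`readelf` inspection instead. Function and variable names are the example's own.

```sh
#!/bin/sh
# Added example: find setuid/setgid executables that look ASAN-instrumented.
# Not part of the original thread; assumes POSIX find/grep only.

# asan_linked FILE: exit 0 if FILE contains the __asan_init symbol name.
# -a treats the ELF as text so grep does not stop at the first NUL byte.
asan_linked() {
    grep -q -a '__asan_init' "$1" 2>/dev/null
}

# find_suid DIR: print regular files under DIR with the setuid or setgid bit.
# -xdev keeps the scan on one filesystem so /proc and network mounts are skipped.
find_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# filter_asan: read paths on stdin, echo those that pass asan_linked.
# Separated from find_suid so the matching logic can be tested on any path list.
filter_asan() {
    while IFS= read -r f; do
        if asan_linked "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# scan_suid DIR: the full check; prints offending binaries, one per line.
scan_suid() {
    find_suid "$1" | filter_asan
}

# Stand-alone use: sh asan_suid_check.sh /usr/bin
if [ "$#" -gt 0 ]; then
    scan_suid "$1"
fi
```

Any path this prints is a binary that should be rebuilt without `-fsanitize=address` before it ships with the setuid bit; the same check applies to other sanitizers that read their options from the environment, by swapping the symbol name (for example `__ubsan_` or `__msan_init`).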