Re: strings / libbfd crasher

[Tavis Ormandy <taviso () cmpxchg8b com>]

On 24 October 2014 13:31, Michal Zalewski <lcamtuf () coredump cx> wrote:
> [+Tavis]
>
> > > I don't understand the user benefit of extracting strings only from
> > > certain sections of executables, and I almost feel like it's a side
> > > effect of strings being a part of binutils more than anything else.
> >
> > I fully agree. I wasn't aware strings does any kind of executable
> > parsing and I was very surprised that there is any attack vector at all
> > against it at all.
>
> Tavis mentioned to me some time ago that he made that suggestion
> upstream when he bumped into other issues many years ago; he can
> probably comment on how that went, but more generally, distro vendors
> have some latitude to apply non-upstream patches to change the default
> behavior... maybe that's the way to go.
>
> /mz

Yeah, `strings -a` is closer to what people expect by default - most
people find the section parsing a surprise. I found this one 10 years
ago https://bugs.gentoo.org/show_bug.cgi?id=91398, and suggested at
the time that maybe `strings -a` should be the default mode, enabling
bfd parsing only when requested.

This was dismissed by upstream, but I still think it's a good idea...

Tavis.


-- 
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------