Address Sanitizer isn't designed to be used in production. See this thread: http://seclists.org/oss-sec/2016/q1/363

ASAN is great at detecting many unintentional memory errors, but it's not designed to thwart malicious attacks.

If you need a specific example of an ASAN binary being exploited, then see: http://int3pids.blogspot.ch/2015/04/confidence-2015-teaser-q...




Correct, but it still prevents a large set of attacks. Instead, we need an equivalent that is more focused on security than bug detection. CPI is the mechanism for the future with somewhere below 10% overhead.



