
Commit 69628b0

yugr authored and thomasnyman committed
Add info on minimal UBSan runtime
UBSan can be used in a production environment if the special minimal runtime is used.

Signed-off-by: Yuri Gribov <[email protected]>
1 parent 195f115 commit 69628b0


1 file changed

+3
-1
lines changed


docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md

Lines changed: 3 additions & 1 deletion
@@ -1206,7 +1206,7 @@ While more efficient compared to dynamic analysis, sanitizers are still prohibit
12061206
12071207
As with all testing practices, sanitizers cannot absolutely prove the absence of bugs. However, when used appropriately and regularly they can help in identifying latent memory, concurrency, and undefined behavior-related bugs which may be difficult to pinpoint.
12081208
1209-
Sanitizers should not be used for hardening in production environments, particularly for Set User ID (SUID) binaries, as they expose operational parameters via environmental variables which can be manipulated to clobber root-owned files and privilege escalation[^Nagy2016].
1209+
Sanitizers should not be used for hardening in production environments (apart from UBSan with minimal runtime - see below), particularly for Set User ID (SUID) binaries, as they expose operational parameters via environmental variables which can be manipulated to clobber root-owned files and privilege escalation[^Nagy2016].
12101210
12111211
[^Nagy2016]: Nagy , Szabolcs, [Address Sanitizer local root](https://www.openwall.com/lists/oss-security/2016/02/17/9), Openwall mailing list, 2016-02-16.
12121212
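Review bot: the new parenthetical "(apart from UBSan with minimal runtime - see below)" introduces an exception before the reader has any idea what the minimal runtime is, and "see below" is a vague pointer in a 1300+ line document; link to the UBSan subsection explicitly and use a proper dash or colon instead of " - ". Since this line is being touched anyway, also fix the pre-existing grammar at the end: "manipulated to clobber root-owned files and privilege escalation" should read "manipulated to clobber root-owned files and escalate privileges".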
@@ -1319,6 +1319,8 @@ To enable UBSan add `-fsanitize=undefined` to the compiler flags (`CFLAGS` for C
13191319
13201320
The run-time behavior of UBSan can be influenced using the `UBSAN_OPTIONS` environment variable. If set to `UBSAN_OPTIONS=help=1` the available options are shown at startup of the instrumented program.
13211321
1322+
Unlike other sanitizers, UBSan comes with an option to enable a minimal runtime which does not expose additional attack surfaces and can be enabled in production environments. You can use `-fsanitize-minimal-runtime` flag to enable it.
1323+
13221324
[^gcc-instrumentation]: GCC team, [Program Instrumentation Options](https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options), GCC Manual, 2023-07-27.
13231325
13241326
[^clang-ubsan]: LLVM team, [UndefinedBehaviorSanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html), Clang documentation, 2023-03-17.
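Review bot: the added paragraph asserts that the minimal runtime "does not expose additional attack surfaces" without tying that back to the reason given in the earlier hunk (operational parameters read from environment variables); the preceding paragraph describes `UBSAN_OPTIONS`, so state whether the minimal runtime honours `UBSAN_OPTIONS` and what it does instead when a check fails, otherwise the production-use recommendation is unsupported. The sentence "You can use `-fsanitize-minimal-runtime` flag to enable it" also reads as if the flag alone enables UBSan; make it "add `-fsanitize-minimal-runtime` alongside `-fsanitize=undefined`", say which compilers support the flag (this section cites both `[^gcc-instrumentation]` and `[^clang-ubsan]`), and attach a footnote reference so the claim has a source like the surrounding text.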
