
Comment: windbg needs PDB so app must compile in MSVS (Score 5, Informative) 310

by formal_entity (#27288651) Attached to: Microsoft Unveils Open Source Exploit Finder
It's a plugin to the windbg debugger, so that when it hits an access violation (which is MS speak for SIGSEGV) you can do !exploitable and it will use some heuristics to guess whether this bug is an exploitable security vulnerability.

Since Microsoft receives millions of crash dumps every day for every single Windows app (including third-party apps) they need hardcore bug triaging tools.

For decades each crash they received went into the "!analyze -v" automatic bug triage tool, which tries to figure out whether it's a Microsoft bug or a bug in the third-party app. It also tries to classify the bug using advanced heuristics which have been refined over many years.

Now, they have decided to do the same for security bugs as well and thus they created the !exploitable windbg plugin. This plugin has been in production use inside Microsoft for over a year already. However, they know that it doesn't matter in what application the security hole is, if a box is owned Microsoft always gets bad press regardless.

Also note that this tool cannot easily be used to find security bugs in the Linux kernel and not in Linux-only apps either because you must run it inside windbg. Further, in order for windbg to be useful you must have debug symbols loaded from the proprietary debug symbol format PDB that Microsoft created, which in practice means you must have compiled it with Visual Studio (and not mingw etc).

So you need not just a port to Windows (using mingw or similar) but you actually need to port the app to compile under the MS compiler if you want to use this.

Apps like Firefox will be able to use this tool though, they already have a debug symbol server online that hosts PDB debug symbols for every single release build of Firefox.

I absolutely think the open source community should use this tool to scan cross-platform apps but in the long term, I hope there will be a gdb plugin with similar functionality which also has heuristics geared for *nix exploits.

Software

FSFE launches Free PDF Readers campaign

Submitted by FSFE Fellow
FSFE Fellow writes "The Fellowship of the Free Software Foundation Europe is proud to announce its latest initiative: pdfreaders.org, a site providing information about PDF with links to Free Software PDF readers for all major operating systems.

"Interoperability, competition and choice are primary benefits of Open Standards that translate into vendor-independence and better value for money for customers," says FSFE president Georg Greve. "Although many versions of PDF offer all these benefits for formatted text and documents, files in PDF formats typically come with information that users need to use a specific product. pdfreaders.org provides an alternative to highlight the strengths of PDF as an Open Standard.""
