Open JJ opened 4 years ago
OpenBSD's potentially another option in the meantime. With it, libc can be configured so malloc can detect certain types of vulnerabilities, and W^X detected there may be potential for ROP vulnerabilities in the JIT. I'll see if anything comes up when configuring malloc for auditing.
Theoretically, OSS-Fuzz is able to detect possible problems and vulnerabilities. Apparently it's not straightforward to use, but maybe we could keep it in mind to run it some time in the future. Google organizes workshops during some events (for instance, one during this Google Summer of Code Mentor Summit), so maybe at FOSDEM or some other event like that you can catch up with some Google people who can help you set this up.