"sczhang@student.ubc.ca" <sczhang@student.ubc.ca> writes:

> We are looking into fuzz testing the OpenBSD userland, however it seems that OpenBSD does not support ASan or equivalent
> bug detectors.
>
> We are aware of UBSan support [1], and also saw that there has been some degree of work towards supporting ASan [2].
> There seems to be limited support for Valgrind [3]. Part of these may also be replaceable with malloc hardening (and
> other hardening features), but they still wouldn’t quite match ASan's detection potential.
>
> We are wondering: did we miss anything? Any recommendations for techniques or mechanisms that could replace ASan in
> OpenBSD or complement the mechanisms we mentioned above?

No, you didn't miss anything. I haven't invested any more time into user
space ASan since then. You are welcome to pick up the bits listed in the
email you found. I can try to answer the questions if I remember anything.

> To provide a bit more context, we are interested in fuzz testing internal IPC interfaces in privilege-separated programs
> to strengthen the security properties of privsep.

Most of this code would be much easier to port to a system where ASan is
already available and do your fuzzing there.

Thanks
Greg