From: Alfredo Ortega Subject: Re: AI-Driven Security Enhancements for OpenBSD Kernel To: Alfredo Ortega , tech@openbsd.org Date: Tue, 11 Jun 2024 07:41:20 -0300 Yes indeed! its a first version. Surely the tool will improve it in the coming weeks. Nevertheless, the kernel boots at the IP stack works with the additional checks. A release version would need a little bit of manual cleaning (or AI improvements). But the fact that whole netinet/netinet6 10000+ checks were added with no human intervention and produced a working, arguably safer kernel, is surprising to me. Beware that at the current state, it might not be actually safer as the checks may actually introduce new bugs. El mar, 11 jun 2024 a las 7:29, Claudio Jeker () escribió: > > On Tue, Jun 11, 2024 at 07:19:25AM -0300, Alfredo Ortega wrote: > > Hi! Sorry if this is not the appropriate list to share openbsd-related > > projects (perhaps it was misc?) > > > > I want to inform you about this project about using LLMs to inject > > thousands of security checks into the OpenBSD kernel automatically. > > > > I'm sharing the first results at > > https://github.com/ortegaalfredo/openbsd-hardcore , where I used the > > automated tool to add thousands of additional security checks to the > > netinet/netinet6 stack of kernel 7.5. My plan is to continue this > > process with other subsystems, which will be largely automated, and to > > improve the tool so it can be used in other projects. The tool is not > > yet public but the idea is quite simple and can be implemented easily. > > This is a demonstration of the capabilities of LLMs as a > > code-refactoring tool. > > > > This needs a lot more work. Just looked at the first few changes. Some of > them are just wrong (e.g. thinking the 2nd arg of malloc() is a count) and > others are just plain impossible. (check sizeof(x) > SIZE_MAX). > > -- > :wq Claudio