From: "sczhang@student.ubc.ca" <sczhang@student.ubc.ca>
Subject: Sanitizers in OpenBSD
To: "tech@openbsd.org" <tech@openbsd.org>
Cc: "Lefeuvre, Hugo" <hugo.lefeuvre@ubc.ca>, "sai02@student.ubc.ca" <sai02@student.ubc.ca>
Date: Sun, 25 May 2025 02:36:11 +0000

Hello everyone,

We are looking into fuzz testing the OpenBSD userland, however it seems that OpenBSD does not support ASan or equivalent bug detectors.

We are aware of UBSan support [1], and also saw that there has been some degree of work towards supporting ASan [2]. There seems to be limited support for Valgrind [3]. Part of these may also be replaceable with malloc hardening (and other hardening features), but they still wouldn’t quite match ASan's detection potential.

We are wondering: did we miss anything? Any recommendations for techniques or mechanisms that could replace ASan in OpenBSD or complement the mechanisms we mentioned above?

To provide a bit more context, we are interested in fuzz testing internal IPC interfaces in privilege-separated programs to strengthen the security properties of privsep.

Thanks!

Regards,

Shawn
UBC Systopia Lab

[1] https://2018.eurobsdcon.org/static/slides/LLVM%20sanitizers%20-%20David%20Carlier.pdf
[2] https://marc.info/?l=openbsd-tech&m=163074826612590&w=2
[3] http://ports.su/devel/valgrind