Re: reclaiming memory before exit, take 2

[Jeffrey Walton]

On Sat, May 16, 2020 at 12:47 PM Bruno Haible <address@hidden> wrote:
>
> Tim Rühsen wrote:
> > At GNU wget we have conditional cleanup functions. That is compilation
> > with -DDEBUG_MALLOC in $CFLAGS will add those cleanup functions and they
> > are called before wget exits. Handy for testing, but you have to build
> > an extra executable.
>
> How about using an environment variable instead? You would set it in the
> Automake variable TESTS_ENVIRONMENT.
>
> Then you would not need an extra executable, and the individual tests in
> your testsuite do not need to me modified.

I can't speak for Tim and his projects, but I prefer to run a release
build with diagnostics. Something like '-g2 -O3 -DNDEBUG
-fsanitize=asan', install it, and then use it long term.

One of the [many] reasons this is important is, it provides additional
coverage beyond the test cases. In the wild I may encounter an
attacker supplied input that tickles a problem, like a buffer
overflow. Or I may encounter an otherwise benign input that tickles a
problem.

The folks who pursue tailored access do this sort of thing. Their
methodologies are mature, and their attack trees are wide and deep. I
have first hand knowledge of some of the tricks. Years ago I worked
with a firm that sold exploit packages to Northrop Grumman Electronic
Warfare division. Decades ago I worked with another firm that guarded
US supercomputing centers. It had offensive capabilities to work back
to determine the source of the attack.

Jeff