How to build adb, the Android debugger
adb is the Android debugger (officially the "Android debug bridge" I think). It is a tool for getting shell access to an Android phone across a USB connection. It can also be used to copy files to and...
Breakpoints in gdb using int3
Here is a useful trick I discovered recently while debugging some changes to the seccomp sandbox. To trigger a breakpoint on x86, just do: __asm__("int3"); Then it is possible to inspect registers,...
The trouble with Buildbot
The trouble with Buildbot is that it encourages you to put rules into a Buildbot-specific build configuration that is separate from the normal configuration files that you might use to build a project...
CVS's problems resurface in Git
Although modern version control systems have improved a lot on CVS, I get the feeling that there is a fundamental version control problem that the modern VCSes (Git, Mercurial, Bazaar, and I'll include...
My workflow with git-cl + Rietveld
Git's model of changes (which is shared by Mercurial, Bazaar and Monotone) makes it awkward to revise earlier patches. This can make things difficult when you are sending out multiple, dependent...
Process descriptors in FreeBSD-Capsicum
Capsicum is a set of new features for FreeBSD that adds better support for sandboxing, adding a capability mode in which the capabilities are Unix file descriptors (FDs). The features Capsicum adds are...
An introduction to FreeBSD-Capsicum
In my last blog post, I described one of the features in FreeBSD-Capsicum: process descriptors. Now it's time for an overview of Capsicum. Capsicum is a set of new features for FreeBSD that adds better...
When printf debugging is a luxury
Inserting printf() calls is often considered to be a primitive fallback when other debugging tools are not available, such as stack backtraces with source line numbers. But there are some situations in...
A common misconception about the Chrome sandbox
A common misconception about the Chrome web browser is that its sandbox protects one web site from another. For example, suppose you are logged into your e-mail account on mail.com in one tab, and have...
Cookies versus the Chrome sandbox
Although Chrome's sandbox does not protect one web site from another in general, it can provide such protection in some cases. Those cases are ones in which HTTP cookies are either reduced in scope or...
Fixing the trouble with Buildbot
Last year I wrote a blog post, "The trouble with Buildbot", about how Buildbot creates a dilemma for complex projects because it forces you to choose between two ways of describing a project's build...
ARM cache flushing & doubly-mapped pages
If you're familiar with the ARM architecture you'll probably know that self-modifying code has to be careful to flush the instruction cache on ARM. (Back in the 1990s, the introduction of the...
Stack unwinding risks on 64-bit Windows
Recently, I've been looking at how x86-64 Windows does stack unwinding in 64-bit processes, and I've found some odd behaviour. If the stack unwinder finds a return address on the stack that does not...
Native Client's NTDLL patch on x86-64 Windows
Last year, I found a security hole in Native Client on 64-bit Windows that could be used to escape from the Native Client sandbox. Fortunately I found the hole before Native Client was enabled by...
Simplifying LLVM IR for PNaCl
Lately I've been working on Portable Native Client ("PNaCl" for short). Native Client (NaCl) is a sandboxing system that allows safe execution of native code in a web browser -- typically C/C++ code...
Handling crashes on Mac OS X: ordering of Mach exceptions versus POSIX signals
Mac OS X is a curious operating system because its kernel is derived from two kernel codebases -- the Mach kernel and a BSD kernel -- that have been glued together. From these two ancestors, OS X...
How to do history-sensitive merges in Git
Merging in Git is usually not history-sensitive. By this I mean: if you're merging branches A and B together, Git looks at the content at the tips of branches A and B, and the content of the common...
Implementing fork() on the Mill CPU
The Mill is a new CPU architecture that claims to provide high performance but at a much better performance-per-watt than conventional CPUs that use out-of-order execution. The Mill achieves this by...
Conditionalising C/C++ code: "#ifdef FOO" vs. "#if FOO"
Is it better to use #ifdef PLATFORM or #if PLATFORM when writing code that needs to be conditionalised according to OS, CPU architecture, etc.? Chromium's codebase uses the former. For example, it...
The DRAM rowhammer bug is exploitable
I've been researching the DRAM rowhammer issue and its security implications for a while. We've finally published our findings on the Project Zero blog: Exploiting the DRAM rowhammer bug to gain kernel...