![]() With a good deduplicator you need a *big* program for that, though no doubt a C++-capable CTF would find Chromium to be just such.ġ.26user 0.33system 0:01.52elapsed 104%CPU (0avgtext+0avgdata 3320maxresident)kĪ thousand uncompresses (done by hacking libctf to abort on error and free everything immediately after uncompressing). Put together these are 1509340 bytes compressed, 4267753 bytes uncompressed. ![]() The kernel splits its CTF unusually: let's try the output of the old deduplicator, vmlinux.ctf (types only used by the core kernel) plus its parent shared_ctf.ctf (types used by more than one module, or by at least one module and the core kernel). ![]() Let's try it for an enterprise Linux kernel (because I've got one sitting here waiting). Posted 0:55 UTC (Wed) by nix (subscriber, #2304) If you want people to use CTF to generate FFI glue at runtime, for example, even a small startup penalty is going to cause people to look for alternatives. OK but how big was that binary? Things that work well for reasonable-sized programs don't necessarily work well for Firefox or Chromium. > Back when I had a deduplicator so the files were small, I literally could not measure the cost of doing this, nor the cost of doing aggressive upgrading of the entire file. You should probably highlight this tradeoff, because it is significant. > It has to, as a consequence of the decision to not spend space on indexes or indentifiers. For example you might want to run `objdump` on a possibly-malicious executable and not get owned.Īlternatively, you might have a debugger that runs the debuggee code in a sandbox but where you want to process debuginfo outside that sandbox. Isn't the malicious executable code likely to be a bigger worry? if your CTF is malicious, the binary is malicious.
0 Comments
Leave a Reply. |