ATF-devel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Fuzzing

On 6/4/11 8:13 AM, Jukka Ruohonen wrote:
> Hi.
> The so-called "fuzzing" has long been a standard practice in the domain of
> security research. While pooka@ recently added some basic routines and some
> skepticism has been expressed previously [1], would there be interest from
> the ATF developer(s) to add a basic "atf-fuzz(3) API" and a "fuzzer binary"? 

Not sure.  Before adding this to ATF, I'd like to see the code working
in NetBSD along with some use cases for it.  When it's proven to be
useful, we can abstract the implementation and move it into ATF.  (My
main concern is that I have no idea how this would look like for the use
cases you mention, and would also like to see "wide" acceptance by the
main consumer of ATF before doing this ;-)

Maybe a little design doc with some use cases and examples of the API
and its users would be good to clarify what you have in mind.

> When looking at some existing applications (e.g. [2]), writing such a
> "fuzzer binary" does not seem that difficult.

The question here would be: why rewrite the fuzzer if others exist?

Julio Merino / @jmmv

Home | Main Index | Thread Index | Old Index