Re: Fuzzing

To: atf-devel%NetBSD.org@localhost
Subject: Re: Fuzzing
From: Julio Merino <jmmv%NetBSD.org@localhost>
Date: Mon, 13 Jun 2011 14:43:00 +0100

On 6/4/11 8:13 AM, Jukka Ruohonen wrote:
> Hi.
> 
> The so-called "fuzzing" has long been a standard practice in the domain of
> security research. While pooka@ recently added some basic routines and some
> skepticism has been expressed previously [1], would there be interest from
> the ATF developer(s) to add a basic "atf-fuzz(3) API" and a "fuzzer binary"? 

Not sure.  Before adding this to ATF, I'd like to see the code working
in NetBSD along with some use cases for it.  When it's proven to be
useful, we can abstract the implementation and move it into ATF.  (My
main concern is that I have no idea how this would look like for the use
cases you mention, and would also like to see "wide" acceptance by the
main consumer of ATF before doing this ;-)

Maybe a little design doc with some use cases and examples of the API
and its users would be good to clarify what you have in mind.

> When looking at some existing applications (e.g. [2]), writing such a
> "fuzzer binary" does not seem that difficult.

The question here would be: why rewrite the fuzzer if others exist?

-- 
Julio Merino / @jmmv

Follow-Ups:
- Re: Fuzzing
  - From: Jukka Ruohonen

References:
- Fuzzing
  - From: Jukka Ruohonen

Prev by Date: Fuzzing
Next by Date: Re: Fuzzing
Previous by Thread: Fuzzing
Next by Thread: Re: Fuzzing
Indexes:

Home | Main Index | Thread Index | Old Index