| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 May 2012 19:20:47 +0300
From: Sami Liedes <sami.liedes@....fi>
To: "Richard W.M. Jones" <rjones@...hat.com>
Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: Announcing the Berserker toolkit for (semi-)automated fs fuzz
testing
On Sun, May 06, 2012 at 11:27:27AM +0100, Richard W.M. Jones wrote:
> I wrote something similar a while back, trying to use systemtap to do
> feedback-directed fuzz testing. By putting a tracepoint on every line
> in the filesystem module, you can find out how many lines of code are
> actually executed when mounting/using the fuzzed filesystem and use
> that as a cost function for feedback (maximizing the # of lines
> executed, rather than blindly fuzzing). Unfortunately it doesn't work
> yet because of a bug in Linux[1].
I guess something like that could also be used for trying to generate
a small(ish) set of test case filesystem images that maximally
exercise the code.
> Anyway I was going to say: why not use libguestfs to provide a simpler
> framework for running KVM and the fuzzer?
I didn't even know about libguestfs. Very interesting; I need to take
a closer look at it.
I'd be glad quite glad if I could somehow get rid of the root
filesystem image, or to build and update it automatically. Right now
it's a headache for version control purposes.
Sami
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists