-
Notifications
You must be signed in to change notification settings - Fork 4
markjdb/sysfuzz
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
-=-=-=-=-=-=-= sysfuzz is a program that attempts to perform fuzz testing of the FreeBSD kernel's system call interface. Naive fuzz testing of this interface wouldn't be very interesting: system calls with random input will fail parameter validation the vast majority of the time, so it would be mostly limited to exposing very basic bugs in system call implementations. This program attempts to improve on the naive approach by using knowledge of individual system call arguments to generate valid input. For example, rather than using random numbers for the first two arguments to ptrace(2), sysfuzz uses a valid ptrace command for the first argument, and a valid PID for the second argument. During start-up, sysfuzz allocates various types of resources (e.g. sockets, child processes, kqueues) for use in system call parameter generation. Note that the paragraph above describes the vision for this program. At the moment, it fuzzes the system calls implemented by the virtual memory subsystem - mmap(2) and friends. -=-=-=-=-=-=-=- Some example usages are: $ sysfuzz Run the fuzzer with default parameters. All supported syscalls will be fuzzed. $ sysfuzz -g vm Only fuzz system calls in the "vm" system call group. $ sysfuzz -l vm List the system calls comprising the "vm" system call group. $ sysfuzz -d Print descriptions and default values of all run-time parameters. $ sysfuzz -c mmap,munmap -x num-fuzzers=1 Fuzz the mmap(2) and munmap(2) system calls using a single fuzzer process. -=-=-=-=-=-=-=- Brag list. Here are fixes for bugs that I've found using sysfuzz: r265002: http://svnweb.freebsd.org/base?view=revision&revision=265002 r265843: http://svnweb.freebsd.org/base?view=revision&revision=265843 r266780: http://svnweb.freebsd.org/base?view=revision&revision=266780 r269134: http://svnweb.freebsd.org/base?view=revision&revision=269134 r271716: https://svnweb.freebsd.org/base?view=revision&revision=271716 r274482: https://svnweb.freebsd.org/base?view=revision&revision=274482 -=-=-=-=-=-=-= TODO: * support errno validation (e.g. based on man page descriptions) * track per-syscall statistics -=-=-=-=-=-=-=
About
A prototype system call fuzzer.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published