Slashdot Mirror


Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says (iu.edu)

On the sidelines of announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds said fuzzing, which involves stress testing a system by generating random code to induce errors, is helping the community find and fix a range of security vulnerabilities. He wrote:

The other thing perhaps worth mentioning is how much random fuzzing people are doing, and it's finding things. We've always done fuzzing (who remembers the old "crashme" program that just generated random code and jumped to it? We used to do that quite actively very early on), but people have been doing some nice targeted fuzzing of driver subsystems etc, and there's been various fixes (not just this last week either) coming out of those efforts. Very nice to see.

11 of 62 comments

  1. Fuzzing Furry parties by future+assassin · Score: 2

    drop some shrooms and mdma and PLUR your way to random code those security holes out while listening to 4 on the floor Techno.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  2. Crashme by ArhcAngel · Score: 4, Funny

    I use the crashme program to generate random code. Then I run it through Google translate and self publish on Amazon. Not a bad way to make a living.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    1. Re:Crashme by sinij · Score: 4, Funny

      I use crashme to generate random code, sprinkle it with various progressive words and submit it to gender studies journals. Apparently I am now a world-leading expert on sociolinguistic micro aggressions.

  3. Re:AI by michelcolman · Score: 2

    Well, this AI is doing a very bad job of impersonating Linus Torvalds. "Very nice to see"? Not a single swear word? No biting sarcasm? There's no way that's the real Linus.

  4. fuzzing works. by OFnow · Score: 5, Interesting

    As maintainer of a small open source library and program I have benefitted immensely from the efforts of a small number of volunteers running fuzzing programs and using Address Sanitizer to locate bugs in the code I maintain. These volunteers have found bugs and reported them and provided testcases useful for regression testing. I am profoundly grateful to these folks.

    1. Re:fuzzing works. by phantomfive · Score: 4, Informative

      The answer is lots and lots of random input. If you just start injecting random data into a field, you'll find a lot.

      The difficult part is that you want the random data to get past the initial sanity checks. To do that, you need to have relatively deep knowledge of the thing you are fuzzing. That is why automated fuzzing tools tend to be a bit frustrating.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:fuzzing works. by blueg3 · Score: 2

      Use afl.

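The point made in this subthread, that random data has to get past the initial sanity checks before it can reach any interesting code, shown as an added example that is not part of any commenter's post. The toy record format (magic, length, payload, CRC32) and all function names are constructed for illustration.

```python
import random
import struct
import zlib

MAGIC = b"FZ01"  # constructed toy format: magic | u16 length | payload | crc32

def parse(data: bytes) -> str:
    """Return the name of the stage at which the toy parser stopped."""
    if len(data) < 10 or data[:4] != MAGIC:
        return "magic"
    (length,) = struct.unpack(">H", data[4:6])
    if len(data) != 6 + length + 4:
        return "length"
    payload, crc = data[6:6 + length], data[6 + length:]
    if struct.pack(">I", zlib.crc32(payload)) != crc:
        return "checksum"
    return "body"  # only inputs that get here exercise payload handling

def blind_input(rng: random.Random) -> bytes:
    """Purely random bytes, generated with no knowledge of the format."""
    return bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 64)))

def aware_input(rng: random.Random) -> bytes:
    """Random payload wrapped in a valid magic, length field and checksum."""
    payload = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 54)))
    header = MAGIC + struct.pack(">H", len(payload))
    return header + payload + struct.pack(">I", zlib.crc32(payload))

def campaign(generator, runs: int = 20000, seed: int = 1) -> dict:
    """Feed `runs` generated inputs to parse() and count where each stopped."""
    rng = random.Random(seed)
    reached = {"magic": 0, "length": 0, "checksum": 0, "body": 0}
    for _ in range(runs):
        reached[parse(generator(rng))] += 1
    return reached

if __name__ == "__main__":
    print("blind:", campaign(blind_input))
    print("aware:", campaign(aware_input))
```

The blind generator is rejected at the magic check on essentially every run, while the format-aware generator delivers every random payload to the body stage.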
    3. Re:fuzzing works. by phantomfive · Score: 2

      Incidentally, there has been some good work on improving the quality of fuzzing. In the future we may have fuzzing tools that use genetic algorithms to modify the input and get as deep into the program as they can. I don't know of any tools that have incorporated this yet, but it's an area worth paying attention to.

      --
      "First they came for the slanderers and i said nothing."
  5. Re: Linus Torvalds is SOB... by Anonymous Coward · Score: 2, Informative

    Never mind, I found Creimer, still posting affiliate links. Mod down please.

  6. Re:Improving? by coolmoe2 · Score: 3, Interesting

    So just imagine how many undiscovered bugs there are in other OSes that don't get this level of scrutiny. I'm sure the 3 letter agencies could if they wanted. Cheers

  7. Re:Apple is improving linux security by EmeraldBot · Score: 2

    Darwin is not based on the FreeBSD Kernel, Darwin is based on the Mach kernel. Darwin uses a FreeBSD Userland though.

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."