Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says

On the sidelines of announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds said fuzzing, which involves stress testing a system by generating random code to induce errors, is helping the community find and fix a range of security vulnerabilities. He wrote: The other thing perhaps worth mentioning is how much random fuzzing people are doing, and it's finding things. We've always done fuzzing (who remembers the old "crashme" program that just generated random code and jumped to it? We used to do that quite actively very early on), but people have been doing some nice targeted fuzzing of driver subsystems etc, and there's been various fixes (not just this last week either) coming out of those efforts. Very nice to see.

Crashme

[ArhcAngel]

I use the crashme program to generate random code. Then I run it through Google translate and self publish on Amazon. Not a bad way to make a living.

Re:Crashme

[sinij]

I use crashme to generate random code, sprinkle it with various progressive words and submit it to gender studies journals. Apparently I am now a world-leading expert on sociolinguistic micro aggressions.

fuzzing works.

[OFnow]

As maintainer of a small open source library and program I have benefitted immensely from the efforts of a small number of volunteers running fuzzing programs and using Address Sanitizer to locate bugs in the code I maintain. These volunteers have found bugs and reported them and provided testcases useful for regression testing. I am profoundly grateful to these folks.

Re:fuzzing works.

[phantomfive]

The answer is lots and lots of random input. If you just start injecting random data into a field, you'll find a lot.

The difficult part is that you want the random data to get past the initial sanity checks. To do that, you need to have relatively deep knowledge of the thing you are fuzzing. That is why automated fuzzing tools tend to be a bit frustrating.