...making Linux just a little more fun!

Things Debian Project Leaders Do

Kapil Hari Paranjape [kapil at imsc.res.in]


Fri, 27 Jul 2007 17:09:08 +0530

Hello,

Well one of the things at least! http://sam.zoy.org/zzuf/ (Also available in Debian testing of course!) Quite a neat toy!

Regards,

Kapil. --




Ben Okopnik [ben at linuxgazette.net]


Fri, 27 Jul 2007 10:04:26 -0400

On Fri, Jul 27, 2007 at 05:09:08PM +0530, Kapil Hari Paranjape wrote:

> Hello,
> 
> Well one of the things at least!
> 	http://sam.zoy.org/zzuf/
> (Also available in Debian testing of course!)
> Quite a neat toy!

I seem to recall a couple of programs in the Debian kit that do something like this by feeding random data to apps, but this one seems to be a real star. E.g., http://sam.zoy.org/zzuf/lol-firefox.gif crashes my Firefox (1.5.0.11) very nicely - one-click functionality. :)

I wonder if it'll compile under Solaris? I just might try it out next week, while I'm in Atlanta. I haven't taught a security class in a while, but it seems like 'zzuf' would make a very nice teaching aid for when I'm explaining vulnerability discovery. Given that Sun is pretty much abandoning CDE, buffer overflows and such are becoming harder to demonstrate...

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *



Kapil Hari Paranjape [kapil at imsc.res.in]


Sat, 28 Jul 2007 08:53:01 +0530

Hello,

On a side track (and we luurve those in LG :)):

On Fri, 27 Jul 2007, Ben Okopnik wrote:

> Given that Sun is pretty much abandoning CDE, buffer overflows and
> such are becoming harder to demonstrate...

Did you know that CDE was sometimes considered an acronym for Colossal Disk Eater?

I know there are KDE fans out there but that was thought of similarly ... except that it is in German.

Returning to the original post about "fuzz testing". One of the early programs that did this (which I used to convince people to switch to Linux) was "crashme". This was basically a program that trapped all trappable signals, generated a random chunk of data and then jumped to the start of this data *as code*. Since the handler did not do much except to reset the traps and jump back, the loop was rather tight and a number of O/Ses failed this test and crashed completely.

The nice thing about "zzuf" is that the test is with "random" data but is repeatable. Moreover, now that kernels usually pass the "crashme" test, one can concentrate on testing programs, device drivers, filesystems and libraries.

Regards,

Kapil. --
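
Added example, not part of the original thread and not zzuf's own code: a minimal sketch of the "random but repeatable" idea from the message above, where each fuzzed input is derived only from a seed, so any failure can be regenerated from that seed alone. The record format, `parse_record` with its deliberate flaw, the seed range and the 0.05 bit-flip ratio are all constructed for illustration.

```python
import random

def fuzz(data: bytes, seed: int, ratio: float) -> bytes:
    """Flip about `ratio` of the bits; the same seed always flips the same bits."""
    rng = random.Random(seed)  # private PRNG, so results depend only on the seed
    out = bytearray(data)
    for bit in range(len(out) * 8):
        if rng.random() < ratio:
            out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def xor_sum(payload: bytes) -> int:
    total = 0
    for b in payload:
        total ^= b
    return total

def parse_record(blob: bytes) -> bytes:
    """Constructed toy format: length byte, payload, XOR checksum byte."""
    n = blob[0]
    payload = blob[1:1 + n]
    # Deliberate flaw for the demo: the length byte is trusted, so a corrupted
    # length indexes past the end of the buffer (IndexError).
    if blob[1 + n] != xor_sum(payload):
        raise ValueError("bad checksum")  # the intended, clean rejection
    return payload

def campaign(sample: bytes, seeds, ratio: float) -> dict:
    """Return {seed: exception name} for inputs the parser did not reject cleanly."""
    failures = {}
    for seed in seeds:
        try:
            parse_record(fuzz(sample, seed, ratio))
        except ValueError:
            pass  # malformed input rejected as intended
        except Exception as exc:  # anything else is a robustness bug
            failures[seed] = type(exc).__name__
    return failures

SAMPLE = bytes([5]) + b"hello" + bytes([xor_sum(b"hello")])  # constructed input

if __name__ == "__main__":
    found = campaign(SAMPLE, range(200), 0.05)
    print(len(found), "failing seeds, e.g.", sorted(found)[:5])
    seed = min(found)
    # Replaying one seed regenerates the exact failing input for debugging.
    print(seed, fuzz(SAMPLE, seed, 0.05).hex())
```

Because only the seed is needed to rebuild an input, a bug report can carry the seed and ratio instead of the corrupted file itself.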

