Date: Tue, 19 Jan 2016 12:49:17 +0100
From: Hanno Böck <hanno@...eck.de>
To: kernel-hardening@...ts.openwall.com
Subject: Re: 2015 kernel CVEs

On Tue, 19 Jan 2016 14:28:12 +0300
Dan Carpenter <dan.carpenter@...cle.com> wrote:

> There was only a couple of CVEs that look like they came from a
> filesystem fuzzer where you create corrupt filesystems and then try
> to use them.

I tried that, but it didn't lead to any results in the kernel. What I did:

* Use filesystem checking tools (fsck) and fuzz them with afl
* Use the queue created by afl and try to mount these with a KASAN-enabled kernel

My conclusion was that the filesystem code in the kernel is relatively robust (at least robust enough for this trivial fuzzing). But it led to a number of bugs discovered in filesystem fsck tools.

> There was only one that might have come from a USB fuzzer.
> We probably should be testing those things better.

This is surprising to me. There was a talk at Black Hat Amsterdam in 2014 about a project trying to do exactly this. They sounded like they have dozens of crashers that just need to be sorted and reported upstream. Here's the code and the talk. Maybe this project has stalled and needs someone to look at it?

https://www.coreinfrastructure.org/sites/cii/files/pages/files/2015-09-fuzzing-report.pdf
https://github.com/schumilo/vUSBf
https://www.youtube.com/watch?v=OAbzN8k6Am4

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
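As an added illustration of the second step Hanno describes (replaying the afl queue against a KASAN kernel), and not his script or any vUSBf code: a small Python driver that loop-mounts each queue entry read-only, then scans the fresh dmesg output for KASAN reports or oopses. The image names, filesystem type, mountpoint and the sample dmesg excerpt are constructed assumptions; it needs root, loop-device support and permission to run `dmesg -c`.

```python
"""Replay an afl queue of corrupted filesystem images on a KASAN kernel and flag the
images whose mount leaves a sanitizer report or an oops in dmesg (hypothetical helper,
not Hanno's script; assumes root, loop-device support and permission to run `dmesg -c`)."""
import re
import subprocess
from pathlib import Path

TIMESTAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # strips the "[   12.345678] " prefix
BUG_RE = re.compile(
    r"^(?:BUG: KASAN: (?P<kasan>[\w-]+) in (?P<func>\w+)"  # sanitizer report line
    r"|(?:BUG: unable to handle|general protection fault|kernel BUG at|Kernel panic))"
)

# Constructed dmesg excerpt in the shape a KASAN kernel emits when a mount goes wrong.
SAMPLE_DMESG = """\
[   12.345678] loop0: detected capacity change from 0 to 2048
[   12.350002] BUG: KASAN: slab-out-of-bounds in ext4_fill_super+0x1a2/0x3c0
[   12.350003] Read of size 4 at addr ffff888003a1c000 by task mount/1234
[   13.000000] general protection fault: 0000 [#1] SMP KASAN
"""

def find_kernel_bugs(dmesg_text):
    """Return one (kind, detail) per bug line: ('kasan:<type>', func) or ('oops', line)."""
    hits = []
    for raw in dmesg_text.splitlines():
        line = TIMESTAMP_RE.sub("", raw).strip()
        m = BUG_RE.match(line)
        if m is None:
            continue
        if m.group("kasan"):
            hits.append(("kasan:" + m.group("kasan"), m.group("func")))
        else:
            hits.append(("oops", line))
    return hits

def mount_and_capture(image, fstype, mnt, run=subprocess.run):
    """Clear dmesg, loop-mount one image read-only, unmount it, return the new dmesg text."""
    run(["dmesg", "-c"], capture_output=True)
    run(["mount", "-t", fstype, "-o", "loop,ro", str(image), str(mnt)], capture_output=True)
    run(["umount", str(mnt)], capture_output=True)
    return run(["dmesg"], capture_output=True, text=True).stdout

def replay_queue(queue_dir, fstype, mnt, run=subprocess.run):
    """Map each afl queue entry whose mount produced a kernel bug report to its hits."""
    crashers = {}
    for image in sorted(p for p in Path(queue_dir).iterdir() if p.is_file()):
        hits = find_kernel_bugs(mount_and_capture(image, fstype, mnt, run))
        if hits:
            crashers[image.name] = hits
    return crashers
```

Call `replay_queue("out/queue", "ext4", "/mnt/fuzz")` on a disposable VM; the `run` parameter exists so the mount step can be faked when exercising the parser.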