Date:      Wed, 2 Aug 2000 14:55:00 -0400 (EDT)
From:      "Chris D. Faulhaber" <jedgar@fxp.org>
To:        Brian Fundakowski Feldman <green@FreeBSD.org>
Cc:        Kris Kennaway <kris@hub.freebsd.org>, freebsd-audit@freebsd.org
Subject:   fuzz usage (was: Re: cvs commit: ports/security/fuzz Makefile)
Message-ID:  <Pine.BSF.4.21.0008021446400.25663-100000@earth.causticlabs.com>
In-Reply-To: <Pine.BSF.4.21.0008012237580.98183-100000@green.dyndns.org>

Moving to FreeBSD-Audit

On Tue, 1 Aug 2000, Brian Fundakowski Feldman wrote:

> On Tue, 1 Aug 2000, Kris Kennaway wrote:
> 
> > See the preliminary list I posted to -audit the other day for some easy
> > and not-so-easy candidates :-)
> 
> Right :)  For what it's worth, sed survives a few thousand fuzz runs.  I
> am using fuzz with kern.chroot_allow_non_suser enabled (don't use more
> permissions for anything than necessary...), but I think I'll set up a
> jail to run it in.  Trusting running programs as root is hard, but even
> harder is trusting them with untrusted input ;)
> 
> I'm gonna see what bugs I can find with fuzz in the non-gnu stuff, of
> course starting with your suggestions, and I'll post any specifics to
> -audit.  I encourage anyone else who's looking for some useful things
> to do to join -audit, too!
> 

Of course, beware of using fuzz on a machine with multiple users.  Fuzz
creates temp files in /tmp using the tested program's name and run number
(e.g. make.9999, make.9998, etc).  While it does clean up after itself,
the program does no sanity checking for links, etc, and will gladly
overwrite an existing file (or the other end of a sym link).

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
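
The temp-file hazard described in the message above, as an added example that is not part of the original e-mail and is not fuzz's own code: an open that follows a pre-existing link at a predictable name, next to an exclusive-create open that refuses it. The function names, the victim file and the private scratch directory are constructed for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, symlink, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern described in the message: predictable name, existing files
 * truncated, symlinks followed. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails if anything, even a dangling symlink,
 * already sits at path. mkstemp(3) adds an unpredictable name on top. */
static int open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}
/* Returns 0 when open_safe() refused the planted link and open_unsafe()
 * truncated the file behind it; runs inside a private scratch directory. */
int symlink_demo(void) {
    char dir[] = "/tmp/fuzzdemo.XXXXXX", victim[64], tmp[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/make.9999", dir);   /* fuzz-style name */
    FILE *f = fopen(victim, "w");
    if (f == NULL) return -1;
    fputs("important data\n", f);                     /* constructed, 15 bytes */
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;         /* pre-existing link */
    int fd = open_safe(tmp);                          /* must fail */
    int refused = fd < 0;
    if (fd >= 0) close(fd);
    long before = file_size(victim);                  /* still 15 */
    fd = open_unsafe(tmp);                            /* follows the link */
    if (fd >= 0) close(fd);
    long after = file_size(victim);                   /* now 0 */
    unlink(tmp); unlink(victim); rmdir(dir);
    return (refused && before == 15 && after == 0) ? 0 : 1;
}

int main(void) { return symlink_demo(); }
```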



