A gentle introduction to Linux Kernel fuzzing
This blog post discusses coverage-guided fuzzing, a testing technique in which an automated program feeds semi-random inputs to the program under test in order to find inputs that trigger bugs. Fuzzing is especially useful for finding memory corruption bugs in C or C++ programs. The author chose the AFL fuzzer and targeted the Linux Kernel netlink machinery: an obscure part of the kernel, but one for which valid messages are relatively easy to craft automatically. The post provides a tutorial on setting up and running the custom kernel within KVM virtualization, and mentions prior work in the area, including syzkaller and the Trinity fuzzer.
Company: Cloudflare
Date published: July 10, 2019
Author(s): Marek Majkowski
Word count: 2331
Language: English
Hacker News points: 10