Re: OpenBSD fuzzy testing

2017-08-23 Thread Daniel Dickman
Hi there.

> On Aug 23, 2017, at 3:56 AM, Infoomatic wrote:
> 
> Hi,
> As nowadays I read quite a lot of projects being fuzzy tested or 
> vulnerabilities detected by fuzzy testing, I am quite curious: what is the 
> status of OpenBSD kernel/base system concerning fuzzy testing?

Yes, fuzzers have been used for a very long time. If you search through the 
commit archives you'll see that one recent example is afl, which has been used 
on both userland and kernel.

Some links:
http://www.undeadly.org/cgi?action=article=20150121093259
http://lcamtuf.coredump.cx/afl/
https://github.com/nccgroup/TriforceOpenBSDFuzzer

Other fuzzers have been used too as far as I know.

More work in this space is always welcome too.

> Is there a plan on using the Google fuzzer? Thanks

To be clear, you're asking about oss-fuzz? If yes, then someone motivated 
enough might be able to get it going, but it looks like a good amount of work to 
set it all up in a Docker environment, etc.

I might explore... at some point... maybe.

But right now I'm personally more focused on static analysis of the kernel 
using tools like Coverity.

> 
> regards,
> infoomatic
> 


OpenBSD fuzzy testing

2017-08-23 Thread Infoomatic
Hi,
As nowadays I read quite a lot of projects being fuzzy tested or 
vulnerabilities detected by fuzzy testing, I am quite curious: what is the 
status of OpenBSD kernel/base system concerning fuzzy testing?
Is there a plan on using the Google fuzzer? Thanks

regards,
infoomatic