Hi,

Jesse Hertz and I reported a bunch of OpenBSD system call
bugs earlier this year.  We've published the fuzzer that we've
been using on GitHub and wanted to announce it to the list so
that others can make use of it:

https://github.com/nccgroup/TriforceOpenBSDFuzzer
https://github.com/nccgroup/TriforceAFL

The fuzzer comes with a README that has detailed instructions
for setting up and using the fuzzer.  We've run it against OpenBSD 5.9
for a while, and we include the details of the bugs that we found
with it in the repo. We haven't done any testing of the newer OpenBSD 6.0
release (and don't currently have any plans to do so).

We've done all of our fuzzing from a Linux machine, but it would
probably be possible to fuzz from an OpenBSD system (assuming you can
get qemu and AFL to build in OpenBSD).

We hope that others will run with this and continue testing system
calls and other system features with the fuzzer. We'd be happy to answer
any questions that come up.

-- 
Tim Newsham | www.thenewsh.com/~newsham | @newshtwit | thenewsh.blogspot.com
