Re: Bug#465204: ITP: fusil -- Fuzzing program to test applications
On Mon, Feb 11, 2008 at 01:08:38PM +0100, Guus Sliepen wrote:
> The description is very unclear to me. After looking at the Fusil
> website, I have some understanding of what fusil does. It is not a
> stand-alone program like fuzz or zzuf that work directly with any
> program. It rather is a framework that allows you to write Python
> scripts that specifically target a certain program. You should mention
> that in the long description.
>
> The part about the implementation being based on a multi-agent system
> architecture is not useful information. "multi-agent" is a bit of a
> buzzword that can mean many things. Furthermore, it is not useful for a
> user of a program to know whether it is implemented in C, with a
> multi-agent system or with bananas.
>
> The list of programs and libraries that Fusil can crash will change over
> time, since the whole point of Fusil is to find bugs so one can fix
> them. If you want to mention it, change the sentence to the past or
> perfect tense, like "Fusil was able to..." or "Fusil has been used
> to...".
>
Right, the previous description was not clear. I have reworded it, from
the README file, and from the author description:

Fusil is a fuzzing framework designed to expose bugs in software by
changing random bits of its input.
It helps to start a process with a prepared environment (limit memory,
environment variables, redirect stdout, etc.), start a network client or
server, and create mangled files. Fusil has many probes to detect a
program crash: watch process exit code, watch process stdout and syslog
for text patterns (e.g. "segmentation fault"), watch session duration,
watch CPU usage (process and system load), etc.
.
Fusil is based on a modular architecture. It computes a session score
used to guess fuzzing parameters like number of injected errors to
input files.
.
Available fuzzing projects: ClamAV, Firefox (contains an HTTP server),
gettext, gstreamer, identify, libc_env, libc_printf, libexif,
linux_syscall, mplayer, php, poppler, vim, xterm.

Regards,
Pierre