On Mon, Feb 11, 2008 at 02:18:05PM +0100, Pierre Chifflier wrote:
> > The description is very unclear to me.
[...]
> Right, the previous description was not clear. I have reworded it, from
> the README file, and from the author description:
>
> Fusil is a fuzzing framework designed to expose bugs in software by
> changing random bits of its input.
> It helps to start process with a prepared environment (limit memory,
> environment variables, redirect stdout, etc.), start network client or
> server, and create mangled files. Fusil has many probes to detect
> program crash: watch process exit code, watch process stdout and syslog
> for text patterns (eg. "segmentation fault"), watch session duration,
> watch cpu usage (process and system load), etc.
> .
> Fusil is based on a modular architecture. It computes a session score
> used to guess fuzzing parameters like number of injected errors to
> input files.
> .
> Available fuzzing projects: ClamAV, Firefox (contains an HTTP server),
> gettext, gstreamer, identify, libc_env, libc_printf, libexif,
> linux_syscall, mplayer, php, poppler, vim, xterm.
Wow, that is much better! The only remark I have is that you can define
your own fuzzing projects, I would replace "Available" in the last
paragraph by "Pre-defined" or something equivalent.
Upstream should put your description on their front page :)
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>
Attachment:
signature.asc
Description: Digital signature