On 5/20/24 5:20 AM, Ralph Corderoy wrote:
> Hi Arnold,
>
>> in order to maximize the amount of input that could be parsed before
>> giving up.
>>
>> Gawk used to do this, until people started fuzzing it, causing
>> cascading errors and eventually core dumps. Now the first syntax
>> error is fatal.
>
> This is the first time I've heard of making life difficult for fuzzers
> so I'm curious...
It's not making life difficult for them -- they can still fuzz all they
want. Chances are better they'll find a genuine bug if you stop right away.
> I'm assuming you agree the eventual core dump was a bug somewhere to be
> fixed, and probably was.
>
> Stopping on the first error lessens the ‘attack surface’ for the fuzzer.
> Do you think there remains a bug which would bite a user which the fuzzer
> might have found more easily before the shrunken surface?
Chances are small. (People fuzz bash all the time, and that is my
experience.)
Look at it this way. Free Software maintainers have limited resources. Is
it better to spend time on bugs that will affect a larger percentage of
the user population, instead of those that require artificial circumstances
that won't be encountered by normal usage? Those get pushed down on the
priority list.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet(a)case.edu
http://tiswww.cwru.edu/~chet/
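Below, as an added example that is not code from gawk, bash or any of the correspondents, is a toy statement parser in C that implements the two strategies the thread contrasts: panic-mode recovery that skips to the next ';' and keeps parsing, and stopping at the first syntax error. The grammar, the resynchronisation rule, the constructed inputs and the libFuzzer-style entry point are all assumptions made for the demonstration. On an input with exactly one real mistake (a missing ';'), recovery mode resynchronises inside a string literal and reports four errors, three of them spurious, while fatal mode reports the one.

```c
/* Toy statement parser showing why panic-mode error recovery produces
 * cascading errors. Added example, not gawk or bash code. Assumed grammar:
 *   stmt := IDENT '=' (NUMBER | STRING) ';'     STRING is "..." (no escapes)
 * MODE_RECOVER skips to the next ';' after an error and keeps going;
 * MODE_FATAL stops at the first error, as gawk now does. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MODE_RECOVER = 0, MODE_FATAL = 1 };

struct parser { const char *src; size_t pos, len; int errors, mode; };

/* Constructed inputs: one real mistake (missing ';' after "1"), and a clean one. */
static const char CASCADE_INPUT[] = "a = 1 b = \"p;q;r;s\"; c = 3;";
static const char CLEAN_INPUT[]   = "a = 1; b = \"x;y\"; c = 3;";

static void skip_ws(struct parser *p) {
    while (p->pos < p->len && isspace((unsigned char)p->src[p->pos])) p->pos++;
}

static void syntax_error(struct parser *p, const char *msg) {
    p->errors++;
    fprintf(stderr, "  error %d at offset %zu: %s\n", p->errors, p->pos, msg);
    if (p->mode == MODE_FATAL) { p->pos = p->len; return; }   /* stop parsing */
    /* Panic-mode recovery: resynchronise on the next ';'. If that ';' sits
     * inside a string literal, every following "statement" is garbage. */
    while (p->pos < p->len && p->src[p->pos] != ';') p->pos++;
    if (p->pos < p->len) p->pos++;
}

/* Returns 1 if one statement parsed cleanly, 0 if an error was reported. */
static int parse_stmt(struct parser *p) {
    if (!isalpha((unsigned char)p->src[p->pos])) {
        syntax_error(p, "expected identifier"); return 0;
    }
    while (p->pos < p->len && isalnum((unsigned char)p->src[p->pos])) p->pos++;
    skip_ws(p);
    if (p->pos >= p->len || p->src[p->pos] != '=') {
        syntax_error(p, "expected '='"); return 0;
    }
    p->pos++;
    skip_ws(p);
    if (p->pos < p->len && isdigit((unsigned char)p->src[p->pos])) {
        while (p->pos < p->len && isdigit((unsigned char)p->src[p->pos])) p->pos++;
    } else if (p->pos < p->len && p->src[p->pos] == '"') {
        p->pos++;
        while (p->pos < p->len && p->src[p->pos] != '"') p->pos++;
        if (p->pos >= p->len) { syntax_error(p, "unterminated string"); return 0; }
        p->pos++;
    } else {
        syntax_error(p, "expected number or string"); return 0;
    }
    skip_ws(p);
    if (p->pos >= p->len || p->src[p->pos] != ';') {
        syntax_error(p, "expected ';'"); return 0;
    }
    p->pos++;
    return 1;
}

/* Parses a whole program; returns the number of errors reported and, via
 * ok_stmts (may be NULL), how many statements parsed cleanly. */
int parse_program(const char *src, int mode, int *ok_stmts) {
    struct parser p = { src, 0, strlen(src), 0, mode };
    int ok = 0;
    for (skip_ws(&p); p.pos < p.len; skip_ws(&p)) ok += parse_stmt(&p);
    if (ok_stmts) *ok_stmts = ok;
    return p.errors;
}

/* Convenience: number of statements accepted for src in the given mode. */
int accepted_stmts(const char *src, int mode) {
    int ok = 0; parse_program(src, mode, &ok); return ok;
}

/* libFuzzer-style entry point (assumed harness shape). Embedded NULs truncate
 * the input, acceptable for this demo. Build with clang -fsanitize=fuzzer,address. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char *buf = malloc(size + 1);
    if (!buf) return 0;
    memcpy(buf, data, size);
    buf[size] = '\0';
    parse_program(buf, MODE_RECOVER, NULL);
    parse_program(buf, MODE_FATAL, NULL);
    free(buf);
    return 0;
}

int main(void) {
    const char *inputs[] = { CASCADE_INPUT, CLEAN_INPUT };
    for (int i = 0; i < 2; i++) for (int mode = MODE_RECOVER; mode <= MODE_FATAL; mode++) {
        int ok, e;
        printf("%s mode on \"%s\":\n", mode == MODE_FATAL ? "fatal" : "recover", inputs[i]);
        e = parse_program(inputs[i], mode, &ok);
        printf("  %d error(s) reported, %d statement(s) accepted\n", e, ok);
    }
    return 0;
}
```

Compile with `cc -Wall` and run to see both modes side by side; to fuzz it, build with `clang -fsanitize=fuzzer,address`, which supplies its own main. The recovered state after the first error is exactly the territory a fuzzer spends its time in, which is why the crashes it finds there tend to need input no user would type.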