Date: 2017-10-19

 


Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says (iu.edu)

Posted by msmash from the growing-trend dept.
On the sidelines of announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds said fuzzing, which involves stress testing a system by generating random code to induce errors, is helping the community find and fix a range of security vulnerabilities. He wrote:

The other thing perhaps worth mentioning is how much random fuzzing people are doing, and it's finding things. We've always done fuzzing (who remembers the old "crashme" program that just generated random code and jumped to it? We used to do that quite actively very early on), but people have been doing some nice targeted fuzzing of driver subsystems etc, and there's been various fixes (not just this last week either) coming out of those efforts. Very nice to see.

  • This sounds like an area where AI could be really helpful.

    • Well, this AI is doing a very bad job of impersonating Linus Torvalds. "Very nice to see"? Not a single swear word? No biting sarcasm? There's no way that's the real Linus.

  • drop some shrooms and mdma and PLUR your way to random code those security holes out while listening to 4 on the floor Techno.

  • I use the crashme program to generate random code. Then I run it through Google translate and self publish on Amazon. Not a bad way to make a living.

      by sinij ( 911942 )
      I use crashme to generate random code, sprinkle it with various progressive words and submit it to gender studies journals. Apparently I am now a world-leading expert on sociolinguistic micro aggressions.
  • I see a lot of asks to fuzz test ICMP and TCP in hopes of finding application-layer issues in various high-level protocols. I see this as a giant waste of time. Am I wrong?

  • As maintainer of a small open source library and program I have benefitted immensely from the efforts of a small number of volunteers running fuzzing programs and using Address Sanitizer to locate bugs in the code I maintain. These volunteers have found bugs and reported them and provided testcases useful for regression testing. I am profoundly grateful to these folks.

