List,
I had been playing with this idea for a while and it looks like the
proof of concept is ready for releasing!
There was a discussion on #afl-users IRC channel about whether it makes
sense to repeat fuzzing of already tested projects. While quite a few
people would argue that it makes more sense to concentrate on building
better test corporas, I find some benefit in regression testing and
inviting people to continue my fuzzing where I left it, adding new test
cases and other ideas. Given that I'm still going through the "fuzz all
the things" phase, I figured I'd try to lower the bar a bit by making
fuzzing more accessible.
So this was my idea: create a Debian repository where the user can
quickly download a package for the program he wants to fuzz, without
messing with the build system and waiting for the compilation to finish.
The package built with afl-fuzz instrumentation can then easily be
shared with others by just copying the repo URL to /etc/apt/sources.list.
In order to achieve that, I read up on how Debian packages can be
rebuilt and created "aflize" script that basically sets CC=afl-gcc
CXX=afl-g++, enables ASAN and AFL_HARDEN. Then I created a Docker
environment in which all the packages are rebuilt with those settings
and created a Debian repository out of it. A few packages didn't
actually use AFL instrumentation (for example GCC, which tries to
bootstrap itself), some didn't built at all (e.g. systemd, possibly
because of compiler errors), but for example I had some success with
dpkg and I think I even found some suspicious input. Anyway, having no
idea where to put there repo I decided to upload it to Github pages. In
order to try it out, run "sudo docker run -ti debian:sid" and instead of
original /etc/apt/sources.list contents, just put this:
deb
http://d33tah.github.io/afl-sid-repo sid main
Then run apt-get update and try some package from Debian base by running
a command line apt-get install --reinstall packagename. The packages
aren't signed at the moment.
You can also try downloading my afl-sid Github repository [1] and trying
out aflize on a Debian package you come up with - let me know if you
managed to get it running or need some more help.
What do you think about this idea?
Cheers,
d33tah