Trinity Linux System Call Fuzz Tester Effectively Suspended
Dave Jones, a former Linux kernel engineer at Red Hat, is effectively suspending the future public development of his Trinity system call fuzzer.
Dave had been developing Trinity for the past several years as a Linux system call fuzzer, with the original intention of finding Linux kernel bugs (oopses, etc.) rather than security bugs in particular. However, he has grown frustrated by the many people using Trinity without contributing back to the project. Additionally, there are many people using Trinity to try to find security issues without submitting their Trinity changes back upstream.
Some security researchers use Trinity without submitting their improvements back, in an effort to keep the work and findings for themselves. This issue was made worse recently when Dave found out that the Italy-based Hacking Team, which has been in the news recently for selling its software to repressive governments, had its own modified version of Trinity. Hacking Team had modified Trinity to fuzz ioctl() on Android in order to find security issues to exploit.
Thus for now, Dave Jones has decided not to make any future feature development work on Trinity public. He wrote in a blog post today, "It’s a project everyone wants to take from, but no-one wants to give back to. And that’s why for the foreseeable future, I’m unlikely to make public any further feature work I do on it. I’m done enabling assholes."