Syzbot: Google Continuously Fuzzing The Linux Kernel

  • PeeJay
    replied
    Originally posted by gabe
    Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.
    Wasn't it Google who solved the last few pieces of the puzzle to implement deep learning, and then gave us all a bunch of libraries?


  • jonri
    replied
    Originally posted by r08z
    So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?
    I'm holding out for version 2 of this tool, when it automatically posts a patch to the mailing list as well



  • numacross
    replied
    Originally posted by r08z
    So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?
    Pretty much, yeah. But there's a twist to it, since the whole idea is to automate the find-bug, report, fix, verify cycle. From my first look it seems that it tries to group errors that have the same cause and reports them. After a fix is deployed to any tree the fuzzer is watching, it will verify the fix and close the bug report. All errors that look like those already fixed will reopen issues.

    More stuff like this that's developed in the open and helps to make the base levels of our software stack more secure is always welcome.


  • r08z
    replied
    So let me get this straight, this fuzzer tool will automatically call home when it detects bugs?


  • pgeorgi
    replied
    Originally posted by DrYak
    Would be great if some devs (on big distros' payroll? Red Hat? SUSE?) could adapt the pipeline for the other pieces besides the kernel which are critical for GNU/Linux but that Google is unlikely to fuzz-test themselves due to them being not relevant in Android.

    (e.g.: core libraries like glibc, important libraries like OpenSSL or even stuff like systemd)
    Like https://github.com/google/oss-fuzz?

    The problem is more whether there are enough resources to run the fuzzers on, rather than developing the pipeline (which already exists). Hosting companies like Amazon, DigitalOcean, Linode et al. are in a better position to contribute in that area (assuming they have spare capacity) than Red Hat and SUSE.


  • DrYak
    replied
    Would be great if some devs (on big distros' payroll? Red Hat? SUSE?) could adapt the pipeline for the other pieces besides the kernel which are critical for GNU/Linux but that Google is unlikely to fuzz-test themselves due to them being not relevant in Android.

    (e.g.: core libraries like glibc, important libraries like OpenSSL or even stuff like systemd)


  • sireangelus
    replied
    Originally posted by gabe
    Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.
    Because they are not developing coreboot, or have never ever put any kind of commit to the Linux kernel before this, including ARM plus other works.


  • gabe
    replied
    Glad to see Google giving back to the community somewhat. It has been cashing on Linux/Android through mobile ads.


  • phoronix
    started a topic Syzbot: Google Continuously Fuzzing The Linux Kernel

    Phoronix: Syzbot: Google Continuously Fuzzing The Linux Kernel

    On the Linux kernel mailing list over the past week has been a discussion about Syzbot, an effort by Google for continuously fuzzing the mainline Linux kernel and its branches with automatic bug reporting...

    http://www.phoronix.com/scan.php?pag...Kernel-Fuzzing