[mosh-devel] mosh continuous fuzzing improvement suggestion

David Benjamin davidben at davidben.net
Tue Jun 25 12:53:18 EDT 2019


This is also why the oss-fuzz integration hasn't done anything. Mosh just
has a yaml file in there, with no build definitions or fuzz targets. See:

https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md#overview
https://github.com/google/oss-fuzz/blob/master/README.md#accepting-new-projects
(mosh never did step 2)

On Tue, Jun 25, 2019, 10:12 Yevgeny Pats <yp at fuzzit.dev> wrote:

> Hi Keith,
>
> Thanks for the detailed response.
>
> Just to make sure I understood correctly, there are two main steps for
> continuous fuzzing integration for Mosh:
>
> 1) Writing the appropriate libFuzzer targets.
> 2) Integrating with Continuous Fuzzing platform that will fuzz those
> targets in parallel to the development workflow - Fuzzit Integration.
>
> Actually I thought there were some targets already, but now I see there are
> no targets yet, so it will require more work.
> I'll be happy if someone can help with writing at least one fuzz target so
> we can get the ball rolling, and I'll write the integration (the additional
> step in Travis to compile the target and send it to Fuzzit). I can also write
> one fuzz target myself, but it will take more time since I'm not familiar
> yet with the particular code base.
>
> Best,
> Yevgeny
>
>
>
> On Tue, Jun 25, 2019 at 5:37 AM Keith Winstein <keithw at cs.stanford.edu>
> wrote:
>
>> Hello Yevgeny,
>>
>> Thanks for getting in touch. We were included in the oss-fuzz repository,
>> but I'm not sure anybody ever actually did the work of integrating Mosh or
>> fuzzing it. (People have separately fuzzed the terminal emulator and found
>> some overcautious assertions that we ended up removing; see
>> https://github.com/mobile-shell/mosh/issues/667 ). We certainly never
>> heard anything from them -- if we were supposed to do something on our end
>> beyond submitting the initial pull request to be included, we didn't do it.
>>
>> If you want to fuzz Mosh, we'd love to help you. I think you probably
>> want to fuzz Mosh at several different layers, e.g.:
>>
>> - raw datagram input
>> - network input after removing encryption and validation of the integrity
>> check
>> - network input after removing encryption, integrity validation, and
>> compression
>> - network input to the terminal emulator (e.g. arbitrary actions on the
>> CompleteTerminal object)
>> - user keyboard input
>>
>> Best regards,
>> Keith
>>
>>
>>
>> On Sun, Jun 23, 2019 at 8:16 PM Yevgeny Pats <yp at fuzzit.dev> wrote:
>>
>>> Hi Keith,
>>>
>>> I'm Yevgeny Pats, founder of Fuzzit <https://fuzzit.dev/> - a
>>> continuous fuzzing as a service platform.
>>>
>>> We are providing free continuous fuzzing + PR sanity tests to OSS
>>> projects. I know you are using OSS-Fuzz, so I wanted to know what the
>>> current status of the integration is and whether you need additional
>>> resources or features.
>>>
>>> I'll be happy to help create an integration with Fuzzit. We provide
>>> continuous fuzzing for projects like systemd, radare, apache.
>>>
>>> You can read about the systemd-Fuzzit case study here
>>> <https://fuzzit.dev/2019/06/20/continuous-fuzzing-systemd-case-study/>, where
>>> they use our platform in addition to OSS-Fuzz.
>>>
>>> Also, I will be happy to discuss fuzzing in general and share ideas.
>>>
>>> Looking forward to hearing from you,
>>>
>>> Yevgeny Pats,
>>> Founder & CEO, Fuzzit
>>>
>> _______________________________________________
> mosh-devel mailing list
> mosh-devel at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mosh-devel
>
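The thread above stops at "someone needs to write at least one libFuzzer target"; the following is an added example of what such a target looks like for one of the layers Keith lists ("network input after removing encryption and validation of the integrity check"). It is not Mosh's code and not code from any of the participants: the `PlainPacket` layout and the `parse_plaintext` / `encode_plaintext` functions are constructed stand-ins for whatever Mosh actually does after decryption, so the harness has a realistic parser to drive. The only real interface it shows is the libFuzzer entry point `LLVMFuzzerTestOneInput`, which must accept any byte string, never crash on well-formed or malformed input, and return 0. The round-trip check inside it is the kind of invariant worth asserting in a target, so the fuzzer finds logic bugs as well as memory errors.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <optional>
#include <string>
#include <vector>

// Constructed stand-in for a decrypted, integrity-checked datagram.
// This is NOT Mosh's real wire format; it only gives the harness a
// parser with the usual length-field hazards to exercise.
struct PlainPacket {
    uint64_t seq = 0;
    uint16_t timestamp = 0;
    std::string payload;
};

// Layout (constructed for this example):
//   8-byte big-endian seq | 2-byte timestamp | 2-byte payload length | payload
static const size_t kHeaderLen = 8 + 2 + 2;

std::optional<PlainPacket> parse_plaintext(const uint8_t* data, size_t size) {
    if (size < kHeaderLen) return std::nullopt;
    PlainPacket p;
    for (int i = 0; i < 8; ++i) p.seq = (p.seq << 8) | data[i];
    p.timestamp = static_cast<uint16_t>((data[8] << 8) | data[9]);
    size_t len = static_cast<size_t>((data[10] << 8) | data[11]);
    // The declared length must match the bytes actually present. Trusting
    // `len` here is exactly the over-read a fuzzer under ASan would catch.
    if (len != size - kHeaderLen) return std::nullopt;
    p.payload.assign(reinterpret_cast<const char*>(data + kHeaderLen), len);
    return p;
}

std::vector<uint8_t> encode_plaintext(const PlainPacket& p) {
    std::vector<uint8_t> out;
    for (int i = 7; i >= 0; --i) out.push_back(static_cast<uint8_t>(p.seq >> (8 * i)));
    out.push_back(static_cast<uint8_t>(p.timestamp >> 8));
    out.push_back(static_cast<uint8_t>(p.timestamp & 0xff));
    out.push_back(static_cast<uint8_t>(p.payload.size() >> 8));
    out.push_back(static_cast<uint8_t>(p.payload.size() & 0xff));
    out.insert(out.end(), p.payload.begin(), p.payload.end());
    return out;
}

// libFuzzer entry point. libFuzzer calls this with mutated inputs; the
// contract is: consume anything, never crash on malformed data, return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::optional<PlainPacket> p = parse_plaintext(data, size);
    if (!p) return 0;  // rejected input is a valid outcome, not a finding
    // Invariant: anything we accept must re-encode to the exact same bytes.
    // A violation aborts, which libFuzzer records as a crash with the input.
    std::vector<uint8_t> again = encode_plaintext(*p);
    if (again.size() != size || std::memcmp(again.data(), data, size) != 0) std::abort();
    return 0;
}

// Stand-alone replay of a few constructed seeds so the harness runs without
// libFuzzer (which would otherwise supply main and the inputs).
// Returns how many seeds the parser accepted.
int replay_seed_corpus() {
    PlainPacket good;
    good.seq = 42;
    good.timestamp = 7;
    good.payload = "hello";
    std::vector<std::vector<uint8_t>> seeds;
    seeds.push_back(encode_plaintext(good));   // well-formed
    seeds.push_back({0x00, 0x01});             // truncated header
    std::vector<uint8_t> lying = encode_plaintext(good);
    lying[11] = 0xff;                          // length field overstates payload
    seeds.push_back(lying);
    int accepted = 0;
    for (const auto& s : seeds) {
        LLVMFuzzerTestOneInput(s.data(), s.size());
        if (parse_plaintext(s.data(), s.size())) ++accepted;
    }
    return accepted;
}

int main() { return replay_seed_corpus() == 1 ? 0 : 1; }
```

Built for real fuzzing, this file would be compiled without `main` using `clang++ -fsanitize=fuzzer,address`, and the "layers" Keith describes map to separate targets of this shape, each entered one step deeper in the pipeline (raw datagram, decrypted bytes, decompressed bytes, terminal actions, keyboard input), so that a crash points at the layer that owns it.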