This project fuzzes a Linux kernel driver to uncover memory errors, deadlocks and crashes.
- Technique of feeding random or malformed inputs to the system calls exposed by a running kernel.
- Achieved through automated programs rather than hand-written tests.
- Continuous process: the system calls are exercised again and again for as long as the fuzzer runs.
- Based on coverage-guided fuzzing: the fuzzer observes which kernel code each input reaches and uses that to steer the next inputs.
- Starts with a basic random input as the seed test case.
- Mutates existing test cases into new ones.
- Test cases that reach new code are reported back to the corpus and become parents for further mutation.
- Redundant ones (no new coverage) are discarded so the corpus stays small.
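The corpus loop described above, as an added illustration (not syzkaller's code and not from the original write-up): a toy coverage-guided mutation fuzzer against a small constructed parser whose branches are instrumented by hand with a Python set. syzkaller does the same thing against kernel system calls, using KCOV in place of the set. The parser, its branch ids and the "bug" (a declared length that exceeds the buffer) are all made up for the example.

```python
"""Toy coverage-guided mutation fuzzer (added example, not syzkaller code)."""
import random


# --- constructed target with hand-rolled coverage instrumentation ---
def target(data: bytes, hits: set) -> None:
    """Parse a tiny made-up record format; record each branch id reached in `hits`."""
    hits.add("entry")
    if len(data) < 4:
        hits.add("short")
        return
    if data[:2] == b"MZ":                 # made-up magic bytes
        hits.add("magic")
        length = data[2]
        if length > len(data) - 3:
            hits.add("len_too_big")       # the planted bug: a C parser would overrun here
            raise IndexError("declared length exceeds buffer")
        if data[3] & 0x80:
            hits.add("flag_set")
        hits.add("ok")
    else:
        hits.add("no_magic")


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, insert a byte, or delete a byte."""
    buf = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def run_one(data: bytes, crashes: list) -> set:
    """Execute the target once and return the branch ids it reached."""
    hits = set()
    try:
        target(data, hits)
    except Exception as exc:             # a crash is a finding, not a failure of the fuzzer
        crashes.append((data, repr(exc)))
    return hits


def fuzz(seed: bytes, iterations: int, rng_seed: int = 0):
    """Coverage-guided loop. Returns (corpus, total_coverage, crashes)."""
    rng = random.Random(rng_seed)
    crashes = []
    corpus = [seed]
    total_cov = run_one(seed, crashes)   # the seed defines the starting coverage
    for _ in range(iterations):
        parent = rng.choice(corpus)      # pick a parent from the corpus
        child = mutate(parent, rng)      # mutate it into a new test case
        hits = run_one(child, crashes)
        if hits - total_cov:             # new coverage: report it back to the corpus
            total_cov |= hits
            corpus.append(child)
        # otherwise the child is redundant and is dropped
    return corpus, total_cov, crashes


if __name__ == "__main__":
    corpus, cov, crashes = fuzz(b"MZ\x01\x00", 5000)
    print("corpus size:", len(corpus), "coverage:", sorted(cov))
    print("crashing inputs:", len(crashes))
```

Note how small the corpus stays: with seven branch ids in the target, at most four mutants can ever be added, however many thousand iterations run, because every stored input must reach something no earlier input reached.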
Blockers Encountered
Custom Kernel
- No official, standard documentation from Red Hat or Ubuntu for building a custom kernel image.
- Documentation that works for one kernel version fails for another.
- Not all of the kernel source code provided compiled successfully with the config flags required for fuzzing (coverage and sanitizer options).
- Builds carry the base kernel version and do not include the distribution's patch/release level in the final kernel image.
- Documentation does not say which config file to start from when building the custom kernel.
- Issues faced while packaging the final custom kernel image.
DCS Drivers
- Unable to load the DCS drivers on the custom kernel image.
- No build framework available for building the DCS drivers against a particular custom kernel version.
- The existing kernel headers cannot be used to build modules for that same custom kernel.
- The build scripts have no logic to separate a fuzzing kmod package from the regular kmod package.
Implementation of Linux Fuzzing
Setting up the Environment
- Install a Linux distribution (e.g., Ubuntu, Debian) on a virtual machine or a dedicated testing environment.
- Install essential tools like gcc (for compiling), gdb (for debugging), and other dependencies.
Fuzzing Tool Used
- Syzkaller: a coverage-guided fuzzer specifically designed for fuzzing the Linux kernel; it needs a kernel built with coverage and sanitizer options enabled.
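Two of the blockers above (kernel source that would not compile with the fuzzing config flags, and no guidance on which config to pick) are cheaper to hit before a build than after it. The following is an added helper, not part of the original write-up and not syzkaller's own tooling: it checks a kernel .config for the options syzkaller's Linux setup documentation asks for, prints the `scripts/config` command that turns the missing ones on, and emits a minimal syz-manager config. REQUIRED is my reading of the documented list and is a floor rather than the full recommended set; the paths passed to `syz_manager_config` are placeholders, and the sample .config text is constructed for the example.

```python
"""Pre-build .config check and syz-manager config (added example, not syzkaller code)."""
import json

# Kernel options syzkaller's Linux setup docs require (subset; check the docs
# for the full current list). Values are what the .config line must say.
REQUIRED = {
    "CONFIG_KCOV": "y",                     # per-task code coverage used for guidance
    "CONFIG_KCOV_INSTRUMENT_ALL": "y",
    "CONFIG_KCOV_ENABLE_COMPARISONS": "y",  # comparison operand tracing
    "CONFIG_DEBUG_INFO": "y",               # symbolised crash reports
    "CONFIG_KALLSYMS": "y",
    "CONFIG_KALLSYMS_ALL": "y",
    "CONFIG_KASAN": "y",                    # catch memory errors, not only hard oopses
    "CONFIG_KASAN_INLINE": "y",
    "CONFIG_CONFIGFS_FS": "y",
    "CONFIG_SECURITYFS": "y",
}

# Constructed sample: KCOV disabled and KASAN built in outline mode.
SAMPLE_BAD_CONFIG = """\
# CONFIG_KCOV is not set
CONFIG_KCOV_INSTRUMENT_ALL=y
CONFIG_KCOV_ENABLE_COMPARISONS=y
CONFIG_DEBUG_INFO=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_KASAN=y
# CONFIG_KASAN_INLINE is not set
CONFIG_KASAN_OUTLINE=y
CONFIG_CONFIGFS_FS=y
CONFIG_SECURITYFS=y
"""


def parse_config(text: str) -> dict:
    """Parse .config text into {option: value}; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# CONFIG_") and line.endswith(" is not set"):
            opts[line[2:-len(" is not set")]] = "n"
        elif line.startswith("CONFIG_") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts


def missing_fuzz_options(text: str) -> list:
    """Return the REQUIRED options that are absent or have the wrong value."""
    opts = parse_config(text)
    return sorted(k for k, want in REQUIRED.items() if opts.get(k) != want)


def fix_command(missing: list) -> str:
    """scripts/config invocation (run in the kernel tree, then `make olddefconfig`)."""
    if not missing:
        return ""
    flags = " ".join(f"--enable {k[len('CONFIG_'):]}" for k in missing)
    return f"scripts/config {flags}"


def syz_manager_config(kernel_dir: str, image: str, sshkey: str,
                       syzkaller_dir: str, workdir: str) -> dict:
    """Minimal syz-manager config for a QEMU target (field names from syzkaller docs)."""
    return {
        "target": "linux/amd64",
        "http": "127.0.0.1:56741",
        "workdir": workdir,
        "kernel_obj": kernel_dir,             # vmlinux lives here; used to symbolise reports
        "image": image,
        "sshkey": sshkey,
        "syzkaller": syzkaller_dir,
        "procs": 8,
        "type": "qemu",
        "vm": {
            "count": 4,
            "kernel": f"{kernel_dir}/arch/x86/boot/bzImage",
            "cpu": 2,
            "mem": 2048,
        },
    }


if __name__ == "__main__":
    missing = missing_fuzz_options(SAMPLE_BAD_CONFIG)
    print("missing:", missing)
    print("fix with:", fix_command(missing))
    # placeholder paths; substitute your own
    print(json.dumps(syz_manager_config("/path/to/linux", "/path/to/image.img",
                                        "/path/to/image.id_rsa",
                                        "/path/to/syzkaller", "/path/to/workdir"),
                     indent=2))
```

Run the check against the .config you intend to build from; if anything is reported, apply the printed `scripts/config` line inside the kernel tree, run `make olddefconfig` so dependent options are resolved, and re-run the check on the result before starting the build.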
Linux kernel fuzzing is a critical part of securing Linux systems and the applications that run on them, helping developers identify and fix vulnerabilities before they can be exploited. Proper implementation involves setting up a suitable environment, building a kernel with the instrumentation the fuzzer needs, selecting and configuring the right tools, and thoroughly analyzing the resulting crash reports to improve the security and stability of the software.