Bug 217411 - Integrate support for library and binary fuzzing
Summary: Integrate support for library and binary fuzzing
Status: NEW
Alias: None
Product: Tools
Classification: Unclassified
Component: libcap
Hardware: All Linux
Importance: P3 enhancement
Assignee: Tools/Libcap default virtual assignee
 
Reported: 2023-05-06 21:09 UTC by Andrew G. Morgan
Modified: 2023-05-06 21:09 UTC
CC List: 0 users

Regression: No


Description Andrew G. Morgan 2023-05-06 21:09:22 UTC
A recent audit was performed on libcap and friends by https://x41-dsec.de/ . (The audit was sponsored by the Open Source Technology Improvement Fund (https://ostif.org/).)

Addressing the findings is the subject of

   https://bugzilla.kernel.org/show_bug.cgi?id=217410

As part of the audit, the x41-dsec team developed a fuzzing code harness for the library and some of the binaries, the full details of which are included in text form in the PDF report. I'm filing this enhancement bug to track fully integrating this into the library and tools.

Since the findings from the audit did not include issues derived from the fuzzing, I plan to defer implementing this part until after I release libcap-2.69 (which will include fixes for issues found by the audit).
