AFL fuzzing without root - avoid modifying /proc/sys/kernel/core_pattern
I want to run the American Fuzzy Lop (AFL) fuzzer on a Linux system where I don't have root access. When I do so, the first thing that happens is that it gives me an error message asking me to modify /proc/sys/kernel/core_pattern:

[-] Hmm, your system is configured to send core dump notifications to an external utility. This will cause issues due to an extended delay between the fuzzed binary malfunctioning and this information being eventually relayed to the fuzzer via the standard waitpid() API.

To avoid having crashes misinterpreted as hangs, please log in as root and temporarily modify /proc/sys/kernel/core_pattern, like so:

echo core >/proc/sys/kernel/core_pattern

[-] PROGRAM ABORT : Pipe at the beginning of 'core_pattern'
     Location : check_crash_handling(), afl-fuzz.c:6959

I do understand this error message and why the explanation makes sense.

Unfortunately, modifying /proc/sys/kernel/core_pattern requires root access on the system. I know from experience that the rest of AFL doesn't need root access to work.

Is there a workaround to use AFL without root? (Maybe some alternative user-level way to disable the automatic core-dump handler so it doesn't mess up AFL?) I've read a bunch of questions here about core dumps on Linux, and none of them identified any way to configure the coredump handler on a user-level per-process granularity.

Roundelay answered 16/2, 2016 at 19:10 Comment(0)

Actually, someone requested that feature here already:

Source: https://groups.google.com/forum/m/#!msg/afl-users/7arn66RyNfg/BsnOPViuCAAJ

So you just need to set this env variable: AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES. As the name suggests, you may miss something :)

Also see 3) in /docs/env_variables.txt for reference: https://github.com/mirrorer/afl/blob/master/docs/env_variables.txt

Antimonyl answered 17/2, 2016 at 23:43 Comment(3)
Thanks for the information! Good find. Question: Does this solve the problem, or just suppress the warning about it? With this flag, AFL will run and won't show the warning message, but will AFL be useful and be able to detect crashes? If not, it seems rather pointless in most cases to suppress the warning if AFL becomes useless (if AFL can't detect crashes). Perhaps that's what the docs mean by "If you are Jakub, you may need AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES. Others need not apply."? Trying to understand the implications of using this flag without changing core_pattern. – Roundelay
I haven't tested it, but yeah, you can conclude from the description that it won't work as usual and it probably just suppresses the warning. I suggest asking this question on the official afl-users group. Probably you will get more information. – Antimonyl
github.com/google/fuzzer-test-suite/issues/60 reports in August 2017 that afl did miss a crash when this env var was set, so I believe it shouldn't be used. – Bankroll
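Added example, not code from the question, the answer, or AFL itself. It puts together two things a practitioner wants at this point: the same first-byte test that afl-fuzz's check_crash_handling() applies to /proc/sys/kernel/core_pattern (so you can see why a pipe at the start triggers the abort), and a per-process, no-root way to stop the piped core handler from ever being invoked for the fuzz target. A process that has marked itself non-dumpable with prctl(PR_SET_DUMPABLE, 0) is skipped by the kernel's do_coredump() before core_pattern is consulted, so a crashing child dies immediately and waitpid() reports the signal without the delay the AFL message warns about; because the dumpable flag is inherited across fork(), setting it once in the fork server's parent covers every fuzzed child. The file name nodump.so and the build/run lines are this example's own choices; AFL_PRELOAD is the AFL environment variable that sets LD_PRELOAD for the target only. Note that afl-fuzz still performs its core_pattern check at startup, so AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES is still needed to get past it; the shim is what keeps the crashes from being missed.

```c
/*
 * nodump.c: added example (not AFL's own code).
 *
 * Build as a preload shim:  gcc -shared -fPIC -O2 -o nodump.so nodump.c
 * Run the fuzzer without root (hypothetical target/paths):
 *   AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_PRELOAD=./nodump.so \
 *     afl-fuzz -i in -o out -- ./target @@
 * Build as a standalone checker instead:  gcc -O2 -o nodump nodump.c && ./nodump
 *
 * Kernel behaviour relied on (assumption, verify on your kernel): do_coredump()
 * returns early for non-dumpable processes, before it looks at core_pattern,
 * so neither a core file nor the pipe helper (apport, systemd-coredump, ...)
 * is produced, and the dumpable flag is copied to children on fork().
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

#define CORE_PATTERN_PATH "/proc/sys/kernel/core_pattern"

/* 1 if the pattern hands cores to a pipe helper, 0 if the kernel writes a
 * plain file. Mirrors afl-fuzz's check: only the first byte matters. */
int core_pattern_is_piped(const char *pattern)
{
    return pattern != NULL && pattern[0] == '|';
}

/* Read core_pattern into buf with the trailing newline stripped.
 * Returns 0 on success, -1 if the file cannot be read. */
int read_core_pattern(char *buf, size_t len)
{
    FILE *f = fopen(CORE_PATTERN_PATH, "r");
    if (f == NULL) return -1;
    if (fgets(buf, (int)len, f) == NULL) { fclose(f); return -1; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Make the calling process, and every child it forks from now on,
 * non-dumpable. Needs no privilege. Returns 0 on success, -1 on failure. */
int disable_core_dumps_for_this_process(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Current state: 0 = no core dump and no pipe helper, 1 = dumpable. */
int dumpable_now(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* When the object is loaded via LD_PRELOAD / AFL_PRELOAD, this runs in the
 * target before main(), i.e. after execve() has reset the dumpable flag, and
 * therefore before the fork server starts spawning children. */
__attribute__((constructor)) static void nodump_init(void)
{
    disable_core_dumps_for_this_process();
}

int main(void)
{
    char pat[256];
    if (read_core_pattern(pat, sizeof pat) != 0) {
        perror(CORE_PATTERN_PATH);
        return 1;
    }
    printf("core_pattern = \"%s\" -> %s\n", pat,
           core_pattern_is_piped(pat)
               ? "piped to a helper (afl-fuzz aborts without the env var)"
               : "plain file (afl-fuzz is happy)");
    printf("this process dumpable: %d\n", dumpable_now());
    return 0;
}
```

A non-dumpable process is also invisible to same-user ptrace and has its /proc/PID entries owned by root, which does not matter to afl-fuzz but will get in the way if you later try to attach gdb to the running target; use the shim only for the fuzzing run and reproduce crashes without it.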
