Changeset 1569 for zzuf/trunk/doc


Timestamp:
Jan 5, 2007, 10:33:28 PM (14 years ago)
Author:
Sam Hocevar
Message:
  • Split the bugs manpage section into bugs and restrictions.
  • Listed diverted functions.
File:
1 edited

  • zzuf/trunk/doc/zzuf.1

    r1564 r1569  
    1717.PP
    1818\fBZzuf\fR is a transparent application input fuzzer. It works by intercepting
    19 file operations and changing random bits in the program's input. \fBZzuf\fR's
    20 behaviour is deterministic, making it easy to reproduce bugs.
     19file and network operations and changing random bits in the program's input.
     20\fBZzuf\fR's behaviour is deterministic, making it easy to reproduce bugs.
    2121.SH USAGE
    2222.PP
     
    4949\fB    zzuf \-I \(aq^file\\.txt$\(aq cat file.txt\fR
    5050
    51 See the \fB\-I\fR flag for more information.
     51See the \fB\-I\fR flag for more information on restricting fuzzing to
     52specific files.
    5253.TP
    5354\fB\-d\fR, \fB\-\-debug\fR
     
    183184\fB    zzuf -s 94324 -r 0.01 cat /etc/motd\fR
    184185.PP
    185 Fuzz the input of the \fBcat\fR program but do not fuzz the newline character
     186Fuzz the input of the \fBcat\fR program but do not fuzz newline characters
    186187and prevent non-ASCII characters from appearing in the output:
    187188.PP
     
    213214\fB    zzuf -c -q -s 0:10000 -F 3 -T 60 -r 0.02 \\\fR
    214215\fB      mplayer -- -benchmark -vo null -fps 1000 movie.avi\fR
    215 .SH BUGS
     216.SH RESTRICTIONS
    216217.PP
    217218Due to \fBzzuf\fR using shared object preloading (\fBLD_PRELOAD\fR on most
     
    219220processes, it will fail in the presence of any mechanism that disables
    220221preloading. For instance setuid root binaries will not be fuzzed when run
    221 as an unprivileged user. This limitation will probably not be addressed.
    222 .PP
    223 It is not yet possible to insert or drop bytes from the input, to fuzz
    224 according to the file format, or to do all these complicated operations. These
    225 features are planned.
    226 .PP
    227 Only the most common file operations are implemented: \fBopen\fR(),
    228 \fBread\fR(), \fBfopen\fR(), \fBfseek\fR(), etc. One important unimplemented
    229 function is \fBfscanf\fR(). These features will be implemented based on user
    230 request.
    231 .PP
    232 As of now, \fBzzuf\fR does not really support multithreaded applications. The
    233 behaviour with multithreaded applications where more than one thread does file
    234 descriptor operations is undefined. This bug will be fixed.
     222as an unprivileged user.
    235223.PP
    236224Though best efforts are made, identical behaviour for different versions of
    237225\fBzzuf\fR is not guaranteed. The reproducibility for subsequent calls on
    238226different operating systems and with different target programs is only
    239 guaranteed when the same version of \fBzzuf\fR is used.
     227guaranteed when the same version of \fBzzuf\fR is being used.
     228.SH BUGS
     229.PP
     230It is not yet possible to insert or drop bytes from the input, to fuzz
     231according to the file format, to swap bytes, etc. More advanced fuzzing
     232methods are planned.
     233.PP
     234As of now, \fBzzuf\fR does not really support multithreaded applications. The
     235behaviour with multithreaded applications where more than one thread does file
     236descriptor operations is undefined.
     237.SH NOTES
     238In order to intercept file and network operations, \fBzzuf\fR diverts and
     239reimplements the following functions:
     240.TP
     241Unix low-level file and socket handling:
     242\fBopen\fR(), \fBlseek\fR(), \fBread\fR(), \fBaccept\fR(), \fBsocket\fR(),
     243\fBclose\fR()
     244.TP
     245Standard IO streams:
     246\fBfopen\fR(), \fBfseek\fR(), \fBfread\fR(), \fBgetc\fR(), \fBfgetc\fR(),
     247\fBfgets\fR(), \fBungetc\fR(), \fBfclose\fR()
     248.TP
     249GNU libc specific:
     250\fBopen64\fR(), \fBlseek64\fR(), \fBgetline\fR(), \fBgetdelim\fR(),
     251\fB__getdelim\fR()
     252.TP
     253BSD specific:
     254\fBfgetln\fR()
     255.PP
     256One important unimplemented function is \fBfscanf\fR() because of its
     257important complexity. Missing functions will be implemented based upon user
     258request.
    240259.SH HISTORY
    241260.PP
    242261\fBZzuf\fR started its life in 2002 as the \fBstreamfucker\fR tool, a small
    243262multimedia stream corrupter used to find bugs in the \fBVLC\fR media player.
    244 \fBZzuf\fR is a complete rewrite of that tool.
    245263.SH AUTHOR
    246264.PP
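Review bot: in the new NOTES section, "because of its important complexity" is a false friend (French "important"); "because of its considerable complexity" says what is meant. Two smaller points in the same region: every other .SH in this file is followed by .PP, but .SH NOTES runs straight into "In order to intercept file and network operations, \fBzzuf\fR diverts and", so its first paragraph will be formatted differently from the rest of the page; and since the diverted-function list is the first place a user can see what is actually intercepted, it is worth stating what happens to calls outside the list (fscanf() is the one the text names, and socket input is a likely question because the Unix list names accept() and socket() but only read() as a data path), i.e. whether such data reaches the program unfuzzed. On the RESTRICTIONS/BUGS split itself: dropping "This bug will be fixed." from the multithreading paragraph is fine now that it sits under BUGS, but the dropped "This limitation will probably not be addressed." was the only sentence telling the reader that the setuid behaviour is by design (the loader refuses preloading there), so consider keeping it under RESTRICTIONS.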