GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


NAME

       libzzuf - helper library for the zzuf multiple purpose fuzzer

DESCRIPTION

       libzzuf  is  a  helper  library  automatically  preloaded  by zzuf when
       fuzzing applications, but it can  also  be  used  alone  for  debugging
       purposes or specific cases that cannot be covered by zzuf.

USAGE

       libzzuf  must  be preloaded using the operating system's default way of
       preloading libraries. For instance, on a typical Linux installation:

           LD_PRELOAD=/usr/lib/zzuf/libzzuf.so

ENVIRONMENT VARIABLES

       libzzuf's initial setup is done through  environment  variables.  After
       they  are  read,  no  further  information  can  be  sent to the fuzzed
       process.

       All environment variables are optional.

       ZZUF_DEBUG
              This environment variable is set to the debugging level. 0 means
              no  debugging  information  is  sent  to  zzuf. 1 logs important
              information as well as all diverted functions.  2  logs  fuzzing
              status and all optional file stream information.

       ZZUF_DEBUGFD
              This  environment  variable  is  set  to a file descriptor where
              libzzuf will send debugging information. This is  used  to  send
              data to the main zzuf controlling binary.

       ZZUF_SEED
              This  variable  is set to the initial random seed. Corresponding
              zzuf flag: --seed.

       ZZUF_MINRATIO, ZZUF_MAXRATIO
              These variables are set  to  the  minimal  and  maximal  fuzzing
              ratios.  Corresponding zzuf flag: --ratio.

       ZZUF_AUTOINC
              If  this  variable  is  set, the random seed is incremented each
              time a new file is opened. Corresponding zzuf flag: --autoinc.

       ZZUF_BYTES
              This variable contains byte ranges to which  fuzzing  should  be
              restricted.  Corresponding zzuf flag: --bytes.

       ZZUF_LIST
              This  variable  contains file descriptor ranges to which fuzzing
              should be restricted. Corresponding zzuf flag: --list.

       ZZUF_NETWORK
              If  this  variable  is   set,   network   mode   is   activated.
              Corresponding zzuf flag: --network.

       ZZUF_PORTS
              This  variable  contains  port ranges to which fuzzing should be
              restricted.  Corresponding zzuf flag: --port.

       ZZUF_PROTECT, ZZUF_REFUSE
              These variables contain character ranges to protect  or  refuse.
              Corresponding zzuf flags: --protect, --refuse.

       ZZUF_INCLUDE, ZZUF_EXCLUDE
              These  variables  contain  regular expressions to indicate which
              files should be included or excluded from  the  list  of  fuzzed
              files. Corresponding zzuf flags: --include, --exclude.

       ZZUF_SIGNAL
              If  this  variable  is set, the fuzzed process will be prevented
              from installing signal handlers that  usually  cause  coredumps.
              Corresponding zzuf flag: --signal.

       ZZUF_MEMORY
              This  variable  contains  the  maximum amount of memory that the
              fuzzed process is allowed to allocate. Corresponding zzuf  flag:
              --max-memory.

       ZZUF_STDIN
              If  this  variable  is  set, standard input will be fuzzed, too.
              Corresponding zzuf flag: --stdin.

NOTES

       In order to intercept file and network operations, signal handlers  and
       memory  allocations,  libzzuf  diverts  and  reimplements the following
       functions, which can sometimes be private C library symbols, too:

       Unix file descriptor handling:
              open(),  dup(),  dup2(),  lseek(),  read(),  readv(),   pread(),
              accept(),  socket(),  recv(), recvfrom(), recvmsg(), aio_read(),
              aio_return(), close()

       Standard IO streams:
              fopen(),  freopen(),  fseek(),  fseeko(),   rewind(),   fread(),
              getc(), getchar(), fgetc(), fgets(), ungetc(), fclose()

       Memory management:
              mmap(),   munmap(),   malloc(),   calloc(),   valloc(),  free(),
              memalign(), posix_memalign()

       Required on Linux:
              open64(),   lseek64(),    mmap64(),    _IO_getc(),    getline(),
              getdelim(),  __getdelim(),  getc_unlocked(), getchar_unlocked(),
              fgetc_unlocked(), fgets_unlocked(), fread_unlocked(), __uflow()

       Required on BSD systems:
              fgetln(), __srefill(), __srget()

       Required on Mac OS X:
              map_fd()

       Required on HP-UX:
              __open64(), __lseek64(), __filbuf()

       Required on OpenSolaris:
              freopen64(), fseeko64(), fsetpos64()

       Signal handling:
              signal(), sigaction()

       If an application manipulates file descriptors (reading  data,  seeking
       around)  using  functions  that  are not in that list, libzzuf will not
       fuzz its input consistently and the results should not be trusted.  You
       can  use  a  tool  such  as  ltrace(1)  on  Linux  to  know the missing
       functions.

       On BSD systems, such as FreeBSD or Mac OS X, __srefill() is  enough  to
       monitor  all  standard  IO streams functions. On other systems, such as
       Linux, each function is reimplemented on a  case  by  case  basis.  One
       important   unimplemented   function   is   fscanf(),  because  of  its
       complexity. Missing functions will be added upon user request.

SEE ALSO

       zzuf(1), ld.so(8)

AUTHOR

       Copyright © 2002-2010 Sam Hocevar <sam@hocevar.net>.

       libzzuf and this manual page are free software. They come  without  any
       warranty,   to   the  extent  permitted  by  applicable  law.  You  can
       redistribute them and/or modify them under the terms of the Do What The
       Fuck  You  Want  To  Public  License,  Version  2,  as published by Sam
       Hocevar. See http://sam.zoy.org/wtfpl/COPYING for more details.

       zzuf's webpage  can  be  found  at  http://caca.zoy.org/wiki/zzuf.   An
       overview    of    the    architecture    and    inner   works   is   at
       http://caca.zoy.org/wiki/zzuf/internals.



  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to webmaster@gnu.wiki.
Page load time: 0.117 seconds. Last modified: November 04 2018 12:49:43.