Google's installation guide is sufficient to follow:
wget https://dl.google.com/go/go1.20.1.linux-amd64.tar.gz
tar -xf go1.20.1.linux-amd64.tar.gz
export GOROOT=`pwd`/go
export PATH=$GOROOT/bin:$PATH
At the end of the setup you need to give syzkaller a config file.
For the workdir, $GOPATH is going to be the syzkaller path, not Go's path.
For example:
./bin/syz-manager -config=my.cfg
It started to create a corpus.
After a while, if we are lucky, syzkaller hits some vulnerabilities listed below.
We have a C repro in the report section to reproduce the vulnerability.
When we compile and run the code, KASAN shows a report.
I decided to add a vulnerable kernel driver to the kernel source code and fuzz it with a syzlang description.
Downloaded Linux kernel 6.2-rc8:
git clone https://github.com/torvalds/linux.git -b v6.2-rc8
Used the reference config file, compiled it and tested fuzzing.
It's fuzzing.
Created a folder under the drivers folder in the Linux kernel source tree.
Copied the vulnerable driver from the wall-of-perdition workshop.
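The post refers to the config file handed to syz-manager twice (the my.cfg passed with -config, and the reference config used to fuzz the kernel with the added driver) without showing it. The following is an added example syz-manager config for a QEMU x86-64 setup, not a file from the original post or from the syzkaller project. Every path beginning with /path/to is a placeholder; the syscall names under enable_syscalls assume a hypothetical driver description named vulndrv and must match whatever the syzlang file for the driver actually declares.

```json
{
	"target": "linux/amd64",
	"http": "127.0.0.1:56741",
	"workdir": "/path/to/syzkaller/workdir",
	"kernel_obj": "/path/to/linux",
	"image": "/path/to/image/bullseye.img",
	"sshkey": "/path/to/image/bullseye.id_rsa",
	"syzkaller": "/path/to/syzkaller",
	"procs": 8,
	"type": "qemu",
	"vm": {
		"count": 4,
		"kernel": "/path/to/linux/arch/x86/boot/bzImage",
		"cpu": 2,
		"mem": 2048
	},
	"enable_syscalls": [
		"openat$vulndrv",
		"ioctl$VULNDRV_*"
	]
}
```

Run it with ./bin/syz-manager -config=my.cfg as above; the web UI at the http address shows the corpus and crash reports. Leave enable_syscalls out for a first run over the whole syscall surface. Once the driver's syzlang description has been placed under sys/linux/ in the syzkaller tree and `make generate` has been run, listing only that driver's open and ioctl syscalls keeps the fuzzer focused on the new code instead of spending its time elsewhere in the kernel. kernel_obj must point at the kernel build that produced the bzImage so that KASAN reports and coverage can be symbolized.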