On Mon, Jul 18, 2016 at 1:07 PM, Roberts, William C <william.c.roberts@xxxxxxxxx> wrote: >> -----Original Message----- >> From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx] >> Sent: Monday, July 18, 2016 6:21 AM >> To: Roberts, William C <william.c.roberts@xxxxxxxxx>; selinux@xxxxxxxxxxxxx >> Subject: Re: RFC Fuzzing SE Linux interfaces >> >> On 07/15/2016 04:18 PM, Roberts, William C wrote: >> > >> > >> > A quick google search didn’t yield much, neither did a grep of the >> > selinux-testsuite, but is their currently any fuzzing work being done >> > on the selinux interfaces? >> >> Not AFAIK. There are general system call fuzzers for Linux such trinity and >> syzkaller; if you want to do full fledged fuzzing, you probably want to use one of >> those frameworks rather than rolling your own in selinux-testsuite. On the other > > I planned on using one of the frameworks, not sure which yet. I didn't plan on adding > Any fuzzing tests into selinux-testsuite. However, if I find issues, I'll likely take the malformed > Input and create a test case on that one, that way we can at least detect regressions on > Known bad inputs. Yes, fuzzing doesn't belong in selinux-testsuite; I want to keep that as a relatively simple testsuite that is reasonably self-contained and can be run easily and quickly. Think regression testing. >> hand, if you just want to write some specific tests of the selinuxfs and >> /proc/pid/attr interfaces and add them to selinux-testsuite, that's fine too. >> >> > Also, I noticed that the test suite has some ToDo’s and I didn’t see >> > tests surrounding ioctlcmd there, are their some implemented? >> >> Not implemented yet, but they are mentioned in the ToDo list: >> $ grep ioctl ToDo >> ioctl: Test new ioctl whitelisting feature. > > IMHO we should probably not take new features without a tests. Yes, that is something I'm getting stricter about. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
