“Those weapons of mass destruction have got to be somewhere!”
|--George W. Bush, Washington, DC, March 24, 2004|
This chapter introduces iFUZZ, a program that implements fuzzing for local applications. The main targets here are command-line arguments and environment variables in
setuid UNIX programs, which were discussed in Chapter 7, “Environment Variable and Argument Fuzzing.” In this chapter, we discuss the features of iFUZZ, explain the design decisions, and discuss how iFUZZ was used to uncover numerous local vulnerabilities in IBM AIX 5.3.
iFUZZ contains several features you might have envisioned for a local fuzzer. Among these features is an engine ...