June 2007
Intermediate to advanced
576 pages
14h 20m
English
“Those weapons of mass destruction have got to be somewhere!”
—George W. Bush, Washington, DC, March 24, 2004
This chapter introduces iFUZZ, a program that implements fuzzing for local applications. The main targets here are command-line arguments and environment variables in setuid UNIX programs, which were discussed in Chapter 7, “Environment Variable and Argument Fuzzing.” In this chapter, we discuss the features of iFUZZ, explain the design decisions, and discuss how iFUZZ was used to uncover numerous local vulnerabilities in IBM AIX 5.3.
iFUZZ contains several features you might have envisioned for a local fuzzer. Among these features ...