* Dhaval Giani <dhaval.gi...@gmail.com> [180919 13:15]:
> Hi folks,
>
> Sasha and I are pleased to announce the Testing and Fuzzing track at
> LPC [1]. We are planning to continue the discussions from last
> year's microconference [2]. Many discussions from the Automated
> Testing Summit [3] will also continue, and a final agenda will come up
> only soon after that.
>
> Suggested Topics
>
> - Syzbot/syzkaller
> - ATS
> - Distro/stable testing
> - kernelci
> - kernelci auto bisection
> - Unit testing framework
>
> We look forward to other interesting topics for this microconference
> as a reply to this email.
>
> Thanks!
> Dhaval and Sasha
>
> [1] https://blog.linuxplumbersconf.org/2018/testing-and-fuzzing-mc/
> [2] https://lwn.net/Articles/735034/
> [3] https://elinux.org/Automated_Testing_Summit

Hello,

I have a new way to analyze binaries to detect specific calls without
the need for source. I would like to discuss Machine Code Trace
(MCTrace) at the Testing and Fuzzing LPC track.

MCTrace intercepts the application prior to execution and does not rely
on a specific user input. It then decodes the machine instructions to
follow all control flows to their natural conclusions. This includes
control flows that go beyond the boundaries of the static executable
code into shared libraries. This new technique avoids false positives
which could be produced by static analysis and includes paths that
could be missed by dynamic tracing. This type of analysis could be
useful in both testing and fuzzing by providing a call graph to a given
function.

MCTrace was initially designed to help generate the seccomp() filter
list, which is a whitelist/blacklist of system calls for a specific
application. Seccomp filters easily become outdated when the
application or shared library is updated. This can cause failures or
security issues [1]. Other potential uses include examining binary
blobs, vulnerability analysis, and debugging.

Thank you,
Liam R. Howlett

[1] https://lwn.net/Articles/738750/
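
A simplified model of the seccomp use case described in the message above, added here as an example; it is not MCTrace code and not code from this thread. It assumes the call graph has already been recovered, and the function names, syscall sets and the v1/v2 library change are all constructed for illustration.

```python
from collections import deque

# Constructed call graphs: function -> (syscalls it issues, functions it calls).
# "app:" marks the executable, "lib:" a shared library; all names are hypothetical.
APP = {
    "app:main": (set(), {"app:serve"}),
    "app:serve": (set(), {"lib:recv_msg", "lib:send_msg", "app:on_error"}),
    "app:on_error": (set(), {"lib:log"}),  # rarely taken in a normal run
}
LIB_V1 = {
    "lib:recv_msg": ({"read"}, set()),
    "lib:send_msg": ({"write"}, set()),
    "lib:log": ({"sendto"}, set()),
    "lib:spawn": ({"clone", "execve"}, set()),  # exported, never called by app
}
# Updated library: send_msg now batches its output through writev.
LIB_V2 = {**LIB_V1, "lib:send_msg": ({"writev"}, set())}


def reachable_syscalls(graph, entry):
    """Follow every call edge from entry and collect the syscalls on the way."""
    seen, found, queue = {entry}, set(), deque([entry])
    while queue:
        syscalls, callees = graph[queue.popleft()]
        found |= syscalls
        for callee in callees - seen:
            seen.add(callee)
            queue.append(callee)
    return found


def filter_drift(allowlist, graph, entry):
    """Compare an existing allowlist with what the current binaries can reach."""
    needed = reachable_syscalls(graph, entry)
    return {"missing": needed - allowlist, "unneeded": allowlist - needed}


def demo():
    # Allowlist derived against library v1, then checked against library v2.
    allowlist = reachable_syscalls({**APP, **LIB_V1}, "app:main")
    return allowlist, filter_drift(allowlist, {**APP, **LIB_V2}, "app:main")


if __name__ == "__main__":
    allowlist, drift = demo()
    print("allowlist from v1:", sorted(allowlist))
    print("drift after library update:", drift)
```

In this model, "missing" entries are calls the old filter would block after the update, and "unneeded" entries are calls it still permits although nothing reachable uses them.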