Fedora 23 Update: trinity-1.6-1.fc23

updates at fedoraproject.org
Thu Nov 12 23:31:14 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-d7b0e6119f
2015-11-12 21:43:25.126539
--------------------------------------------------------------------------------

Name        : trinity
Product     : Fedora 23
Version     : 1.6
Release     : 1.fc23
URL         : http://codemonkey.org.uk/projects/trinity/
Summary     : System call fuzz tester
Description :
Trinity makes syscalls at random, with random arguments.  Where Trinity
differs from other fuzz testers is that the arguments it passes are not
purely random.

We found some bugs in the past by just passing random values, but once
the really dumb bugs were found, these dumb fuzzers would just run and
run.  The problem was if a syscall took for example a file descriptor as
an argument, one of the first things it would try to do was validate
that fd.  Being garbage, the kernel would just reject it as -EINVAL of
course.  So on startup, Trinity creates a list of file descriptors, by
opening pipes, scanning sysfs, procfs, /dev, and creates a bunch of
sockets using random network protocols.  Then when a syscall needs an
fd, it gets passed one of these at random.

File descriptors aren't the only thing Trinity knows about.  Every
syscall has its arguments annotated, and where possible it tries to
provide something at least semi-sensible. "Length" arguments for example
get passed one of a whole bunch of potentially interesting values.
(Powers of 2 +/-1 are a good choice for triggering off-by-one bugs it
seems).

Trinity also shares those file descriptors between multiple threads,
which causes havoc sometimes.

If a child process successfully creates an mmap, the pointer is stored,
and fed to subsequent syscalls, sometimes with hilarious results.
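As an added illustration of the argument-annotation idea described above (example code written for this page, not Trinity's own): each syscall entry tags its argument slots, fd slots are filled from a pool opened at startup, and length slots from powers of two plus or minus one. The table, the `ARG_*` names, the fd pool and the xorshift generator are constructed stand-ins, and nothing here invokes a syscall with the generated arguments.

```c
#include <stdint.h>
#include <unistd.h>

enum argtype { ARG_NONE, ARG_FD, ARG_LEN, ARG_RANDOM };
struct syscall_desc { const char *name; enum argtype arg[3]; };

/* Constructed annotation table (hypothetical subset, not Trinity's own). */
static const struct syscall_desc syscalls[] = {
    { "read",  { ARG_FD, ARG_RANDOM, ARG_LEN  } },
    { "close", { ARG_FD, ARG_NONE,   ARG_NONE } },
};

/* fd pool built once at startup; a pipe pair stands in for the pipes, sysfs/procfs/dev handles and sockets. */
static int fd_pool[2];
static size_t fd_pool_len;

int build_fd_pool(void)
{
    fd_pool_len = (pipe(fd_pool) == 0) ? 2 : 0;
    return (int)fd_pool_len;
}

int fd_in_pool(int fd)
{
    for (size_t i = 0; i < fd_pool_len; i++) if (fd_pool[i] == fd) return 1;
    return 0;
}

/* xorshift32: deterministic, so a run that found a bug can be replayed from its seed. */
static uint32_t rnd(uint32_t *s) { *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s; }

/* "Interesting" lengths: a power of two, or one either side of it (off-by-one bait). */
unsigned long interesting_len(uint32_t *s)
{
    unsigned long base = 1UL << (rnd(s) % 32), r = rnd(s) % 3;
    return r == 0 ? base - 1 : r == 1 ? base + 1 : base;
}

int is_pow2_pm1(unsigned long v)
{
    for (int k = 0; k < 32; k++)
        if (v == (1UL << k) || v == (1UL << k) - 1 || v == (1UL << k) + 1) return 1;
    return 0;
}

/* Fill the three argument slots per the annotation; the syscall itself is never invoked here. */
void gen_args(const struct syscall_desc *sc, uint32_t *seed, unsigned long out[3])
{
    for (int i = 0; i < 3; i++)
        switch (sc->arg[i]) {
        case ARG_FD:     out[i] = (unsigned long)fd_pool[rnd(seed) % fd_pool_len]; break;
        case ARG_LEN:    out[i] = interesting_len(seed); break;
        case ARG_RANDOM: out[i] = rnd(seed); break;
        default:         out[i] = 0;
        }
}
```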

--------------------------------------------------------------------------------
Update Information:

  trinity-1.6-1.fc23
  - Assorted improvements to the tuned random number generation.
  - Various networking related improvements/fixes:
     - tcp: add TCP_TIMESTAMP, TCP_NOTSENT_LOWAT & TCP_CC_INFO socket options.
     - ipv6: Improved generation of random addresses. (No longer just localhost)
     - ipv6: Added 14 missing socket options.
     - ipv6: Now passes correct lengths for socket options. (Note: This change may break older glibcs)
     - Beginnings of some better proto-alg sockaddr generation.
     - Recognise PF_IB and PF_MPLS network protocols
     - Socket generation improvements. (Picks right socket type to go with protocol)
     - Now supports an ARG_SOCKETINFO for syscalls that operate primarily on sockets. (Still occasionally passes random fd's)
     - accept, accept4, bind, connect, getpeername, getsockname, recv, setsockopt, send converted to use ARG_SOCKETINFO.
     - setsockopt now also matches the protocol of the socket passed to the right setsockopt args.
     - netlink socket generation fix (pid is a portid, not a process id)
     - The -P parameter no longer accepts the incomprehensible numeric form of arguments, just names.
     - The PF_ prefix to the -P parameter is now optional, so you can just say 'UNIX' instead of 'PF_UNIX'.
  - Updates to keep up with new upstream kernel changes.
     - Updated perf_event_open syscall to include 4.1 changes
     - Updated syscall lists
         - alpha: execveat, getrandom, memfd_create
         - s390[x]: execveat, NUMA related syscalls
         - parisc: execveat
         - mips: add new prctls for PR_SET_FP_MODE / PR_GET_FP_MODE
     - Support for new fallocate flags (FALLOC_FL_INSERT_RANGE)
  - Watchdog:
     - Remove some false-positive triggering checks from the watchdog.
     - Watchdog process is now nice'd to -19
     - Monitor how many processes are currently stalled.
     - If all child processes are stalled, send SIGKILLs to 50%
  - Misc:
     - New fd generators for drm dumb buffers & inotify watches.
     - blacklist /dev/sd* from the fd list, so we can be a bit safer when running as root with --dropprivs
     - Fixed the 'bind process to CPU' code to only pick online CPUs.
     - Self-corruption checks added to child processes, like the watchdog code already did.
     - Remove guard pages around shm.
     - In debug mode, write protect the shm before making syscalls.
     - Refactoring of logging code.
     - Various code cleanups as usual.
     - No longer tries to mmap 1GB pages if running with less than 8GB free.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update trinity' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------