[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-bash] Fwd: Testing for Shellshock...
From: |
Rick Karcich |
Subject: |
[Help-bash] Fwd: Testing for Shellshock... |
Date: |
Wed, 15 Oct 2014 12:00:39 -0600 |
Inasmuch as, there apparently is now a fuzz test script(courtesy of Michal
Zalewski, <
http://lcamtuf.blogspot.ie/2014/10/bash-bug-how-we-finally-cracked.html >
that identifies the bash bug...
I believe it would be interesting to measure the combinatorial coverage of
the fuzz tests. So we would be able to say what percentage of 2-way,
3-way, etc. combinations are covered, which would be useful in
understanding the difficulty of finding the bug using tests. For example,
it may be that the test script produces a high level of 4-way combination
coverage, suggesting that the bug is complex and that a high proportion of
the possible input space needs to be covered by tests to detect the problem
(that we would need 4-way or 5-way testing).
This may depend on how tailored the fuzz tests are for finding this
particular bug. Obviously they could be very narrowly tailored and not
cover much of the input space. We would have to measure the coverage to
see.
I’m asking this group for feedback... do you think the fuzz test scripts
that have been developed could be analyzed in this way? To measure the
combination coverage, we just need test values in a matrix or spreadsheet
format, where each row is a test and each column represents a parameter.
Could we run the fuzz test scripts and produce such a matrix?
Please let me know --
Rick
- [Help-bash] Fwd: Testing for Shellshock...,
Rick Karcich <=