#24154: Look into fuzzing our tor-browser patches -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: task | Status: new Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201711, | Actual Points: GeorgKoppen201711 | Parent ID: | Points: Reviewer: | Sponsor: | Sponsor4 -------------------------------------------------+-------------------------
Comment (by gk): To sum up on where we are with this: To get started with fuzzing the Firefox codebase it seems worth trying to get our own patches under scrutiny first. Firefox itself is regularly fuzzed by an own, specialized team targeting different components (like the JS engines). As we don't have any JS engine patches ourselves there is no need for looking for a specialized tool in that area. Instead I started to look into `domfuzz` (https://github.com/MozillaSecurity/domfuzz) while glancing over `domato` (https://github.com/google/domato) which we might deploy later on. I got `domfuzz` running locally and started fuzzing our code using ASan builds (see: #21998 and #24478). There are some challenges we might want to consider, though, to make this a smoother and more successful experience: 1) We are using ESR 52 and git and the fuzzing code is expecting `mozilla- central` and a mercurial repo. We can work around that but might benefit from the idea to at least rebase our patches to `mozilla-central` regularly (see: https://lists.torproject.org/pipermail/tbb- dev/2017-November/000669.html) and use that. That might as help with the plan to discover issues in the Firefox codebase itself. 2) Doing fuzzing on local computer does not scale and does not give good results. Thus, we need to get dedicated machines for that thinking about budget etc. I asked Mozilla if we could share resources somehow but they declined for good reasons. But they are willing to help us to duplicate their infrastructure or at least to get their tools running for us. 3) There is currently no process established to get the feedback from the fuzzing efforts back into the development cycle (like ticket creation, ticket assignments and working on them). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24154#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs