AFL fuzzing without root - avoid modifying /proc/sys/kernel/core_pattern

I want to run the American Fuzzy Lop (AFL) fuzzer on a Linux system where I don't have root access. When I do so, the first thing that happens is that it gives me an error message asking me to modify /proc/sys/kernel/core_pattern:

[-] Hmm, your system is configured to send core dump notifications to an external utility. This will cause issues due to an extended delay between the fuzzed binary malfunctioning and this information being eventually relayed to the fuzzer via the standard waitpid() API.

To avoid having crashes misinterpreted as hangs, please log in as root and temporarily modify /proc/sys/kernel/core_pattern, like so:

echo core >/proc/sys/kernel/core_pattern

[-] PROGRAM ABORT : Pipe at the beginning of 'core_pattern'
     Location : check_crash_handling(), afl-fuzz.c:6959

I do understand this error message and why the explanation makes sense.

Unfortunately, modifying /proc/sys/kernel/core_pattern requires root access on the system. I know from experience that the rest of AFL doesn't need root access to work.

Is there a workaround to use AFL without root? (Maybe some alternative user-level way to disable the automatic core-dump handler so it doesn't mess up AFL?) I've read a bunch of questions here about core dumps on Linux, and none of them identified any way to configure the coredump handler on a user-level per-process granularity.

There is 1 answer

wintermute

Actually, someone requested that feature here already:

Source: https://groups.google.com/forum/m/#!msg/afl-users/7arn66RyNfg/BsnOPViuCAAJ

So you just need to set the env variable AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES. As the name suggests, you may miss something :)

Also see 3) in /docs/env_variables.txt for reference: https://github.com/mirrorer/afl/blob/master/docs/env_variables.txt
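The workaround in the answer above, as an added shell example that is not part of the original question or answer and not AFL's own code. It reproduces the check afl-fuzz performs (a core_pattern beginning with a pipe means an external helper receives the dump), then either repairs core_pattern when running as root, as the AFL message suggests, or exports AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES for an unprivileged user. The function names (core_pattern_is_piped, afl_crash_env, run_afl_fuzz) and the CORE_PATTERN_FILE override, which exists only so the check can be exercised against a constructed file, are my own assumptions; the environment variable and the `echo core >/proc/sys/kernel/core_pattern` command are the ones the page quotes.

```shell
#!/bin/sh
# Added example (not from the original post or from AFL): decide how to start
# afl-fuzz on a host whose core_pattern hands crashes to an external helper.

# core_pattern_is_piped FILE
# Returns 0 when the pattern stored in FILE starts with '|', which is the
# condition afl-fuzz's check_crash_handling() aborts on. FILE is normally
# /proc/sys/kernel/core_pattern; any readable file works for testing.
core_pattern_is_piped() {
    line=""
    # A pipe-style pattern is a single line; a missing trailing newline makes
    # read(1) return non-zero, so the value is still used in that case.
    IFS= read -r line < "$1" || true
    case $line in
        '|'*) return 0 ;;
        *)    return 1 ;;
    esac
}

# afl_crash_env FILE
# Prints the environment assignment an unprivileged user needs in order to
# start afl-fuzz with the pattern stored in FILE, or nothing if the kernel
# writes plain core files and no workaround is needed.
afl_crash_env() {
    if core_pattern_is_piped "$1"; then
        printf '%s\n' "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1"
    else
        printf '\n'
    fi
}

# run_afl_fuzz AFL-FUZZ-ARGUMENTS...
# Fix core_pattern when possible, otherwise accept the reduced crash
# detection, then hand every argument through to afl-fuzz unchanged.
run_afl_fuzz() {
    pattern_file=${CORE_PATTERN_FILE:-/proc/sys/kernel/core_pattern}
    if core_pattern_is_piped "$pattern_file"; then
        if [ "$(id -u)" -eq 0 ]; then
            # Root: do what the AFL message asks for, so the kernel writes a
            # plain "core" file and crashes reach waitpid() without delay.
            echo core > "$pattern_file"
        else
            # Unprivileged: the helper keeps running, so a crash that takes
            # longer than the timeout to be relayed may be logged as a hang.
            echo "warning: core_pattern is piped and this is not root;" \
                 "some crashes may be reported as hangs" >&2
            export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
        fi
    fi
    afl-fuzz "$@"
}
```

Typical use is `run_afl_fuzz -i in -o out -- ./target @@`; the `-t` timeout you pass through becomes the upper bound on how long a crash can be mistaken for a hang once the variable is set, so keep it reasonably generous on a machine where the helper cannot be disabled.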