plucky (3) libzzuf.3.gz

Provided by: zzuf_0.15-5_amd64 bug

NAME
       libzzuf - helper library for the zzuf multiple purpose fuzzer


DESCRIPTION
       libzzuf is a helper library automatically preloaded by zzuf when fuzzing applications, but it can also be
       used alone for debugging purposes or specific cases that cannot be covered by zzuf.


USAGE
       libzzuf must be preloaded using the operating system's default way of preloading libraries. For instance,
       on a typical Linux installation:

           LD_PRELOAD=/usr/lib/zzuf/libzzuf.so


ENVIRONMENT VARIABLES
       libzzuf's  initial  setup  is  done  through  environment  variables.  After  they  are  read, no further
       information can be sent to the fuzzed process.

       All environment variables are optional.

       ZZUF_DEBUG
              This environment variable is set to the debugging level. 0 means no debugging information is  sent
              to zzuf. 1 logs important information as well as all diverted functions. 2 logs fuzzing status and
              all optional file stream information.

       ZZUF_DEBUGFD
              This environment variable  is  set  to  a  file  descriptor  where  libzzuf  will  send  debugging
              information. This is used to send data to the main zzuf controlling binary.

       ZZUF_SEED
              This variable is set to the initial random seed. Corresponding zzuf flag: --seed.

       ZZUF_MINRATIO, ZZUF_MAXRATIO
              These  variables  are  set  to  the  minimal and maximal fuzzing ratios.  Corresponding zzuf flag:
              --ratio.

       ZZUF_AUTOINC
              If this variable is set, the  random  seed  is  incremented  each  time  a  new  file  is  opened.
              Corresponding zzuf flag: --autoinc.

       ZZUF_BYTES
              This  variable  contains  byte  ranges  to which fuzzing should be restricted.  Corresponding zzuf
              flag: --bytes.

       ZZUF_LIST
              This variable contains file descriptor ranges to which fuzzing should be restricted. Corresponding
              zzuf flag: --list.

       ZZUF_NETWORK
              If this variable is set, network mode is activated. Corresponding zzuf flag: --network.

       ZZUF_PORTS
              This  variable  contains  port  ranges  to which fuzzing should be restricted.  Corresponding zzuf
              flag: --port.

       ZZUF_PROTECT, ZZUF_REFUSE
              These variables  contain  character  ranges  to  protect  or  refuse.  Corresponding  zzuf  flags:
              --protect, --refuse.

       ZZUF_INCLUDE, ZZUF_EXCLUDE
              These variables contain regular expressions to indicate which files should be included or excluded
              from the list of fuzzed files. Corresponding zzuf flags: --include, --exclude.

       ZZUF_SIGNAL
              If this variable is set, the fuzzed process will be prevented from installing signal handlers that
              usually cause coredumps. Corresponding zzuf flag: --signal.

       ZZUF_MEMORY
              This  variable  contains  the  maximum  amount  of  memory  that  the fuzzed process is allowed to
              allocate. Corresponding zzuf flag: --max-memory.

       ZZUF_STDIN
              If this variable is set, standard input will be fuzzed, too. Corresponding zzuf flag: --stdin.


NOTES
       In order to intercept file and network  operations,  signal  handlers  and  memory  allocations,  libzzuf
       diverts and reimplements the following functions, which can sometimes be private C library symbols, too:

       Unix file descriptor handling:
              open(),  dup(), dup2(), lseek(), read(), readv(), pread(), accept(), socket(), recv(), recvfrom(),
              recvmsg(), aio_read(), aio_return(), close()

       Standard IO streams:
              fopen(), freopen(), fseek(), fseeko(), rewind(), fread(),  getc(),  getchar(),  fgetc(),  fgets(),
              ungetc(), fclose()

       Memory management:
              mmap(), munmap(), malloc(), calloc(), valloc(), free(), memalign(), posix_memalign()

       Required on Linux:
              open64(),  lseek64(),  mmap64(), _IO_getc(), getline(), getdelim(), __getdelim(), getc_unlocked(),
              getchar_unlocked(), fgetc_unlocked(), fgets_unlocked(), fread_unlocked(), __uflow()

       Required on BSD systems:
              fgetln(), __srefill(), __srget()

       Required on Mac OS X:
              map_fd()

       Required on HP-UX:
              __open64(), __lseek64(), __filbuf()

       Required on OpenSolaris:
              freopen64(), fseeko64(), fsetpos64()

       Signal handling:
              signal(), sigaction()

       If an application manipulates file descriptors (reading data, seeking around) using  functions  that  are
       not in that list, libzzuf will not fuzz its input consistently and the results should not be trusted. You
       can use a tool such as ltrace(1) on Linux to know the missing functions.

       On BSD systems, such as FreeBSD or Mac OS X, __srefill() is enough to monitor  all  standard  IO  streams
       functions.  On  other systems, such as Linux, each function is reimplemented on a case by case basis. One
       important unimplemented function is fscanf(), because of its complexity. Missing functions will be  added
       upon user request.


SEE ALSO
       zzuf(1), ld.so(8)


AUTHOR
       Copyright © 2002-2015 Sam Hocevar <sam@hocevar.net>.

       libzzuf  and  this manual page are free software. They come without any warranty, to the extent permitted
       by applicable law. You can redistribute them and/or modify them under the terms of the Do What  the  Fuck
       You  Want  to  Public License, Version 2, as published by the WTFPL Task Force. See http://www.wtfpl.net/
       for more details.

       zzuf's webpage can be found at http://caca.zoy.org/wiki/zzuf.  An overview of the architecture and  inner
       works is at http://caca.zoy.org/wiki/zzuf/internals.