How to properly use AFL++ docker image? #211

Status: Closed

@fuzzah (Contributor) opened this issue:

Hi.
I've never used docker before :(

Q1
What I've come to so far is that to build the AFLplusplus docker image, I should do the following:

$ git clone https://github.com/vanhauser-thc/AFLplusplus
$ cd AFLplusplus
$ sudo docker build -t aflplusplus .

It seems that docker build should be started as root; otherwise I receive an error that docker can't connect to the docker daemon socket.
Also, docker build requires the path to the directory that holds the Dockerfile.

If that's correct, I suppose README.md needs to be updated accordingly.

Q2
I also noticed that the 32-bit libraries failed to build in the docker container. Furthermore, in that case we're not able to quickly fix it by installing some additional packages and running make again, as the AFLplusplus directory gets deleted at the end of the docker build process. :(

Q3
I have built my image, and then I start the container with this command:

# docker run -it --name afl --rm aflplusplus

There are afl-* binaries present with libraries like libdislocator.
How do I use them? Should I somehow transfer the sources of my tested projects to the container? In that case, what about my billions of RHEL SourceRPM legacy dependencies?
Or should I take the AFL binaries from the container to my system? Neither of those?

Thanks in advance!

Activity

vanhauser-thc (Member) commented on Feb 25, 2020

Hi fuzzah,

Well, the README is for people who know and use docker :) so your Q1 is rather obvious for those people ;) but I will update the README for Q1.

Q2 - same. You can commit changes to a docker container; read up on how to do that.

Q3 - same. You can import a directory with the -v option. The dependencies should never be an issue, as you need to compile (mostly) static to fuzz a target efficiently.

fuzzah (Contributor, Author) commented on Feb 25, 2020

@vanhauser-thc thank you.
Could you please explain what happens, in terms of efficiency, if I don't compile my fuzzed targets as static binaries? If I statically build my targets, what about libraries like libdislocator and sanitizers? I thought it's better to use them for efficiency in bug discovery.

vanhauser-thc (Member) commented on Feb 25, 2020

You build the libraries you want to fuzz statically (e.g. with libxml2.a), but you would not compile all libraries statically into your target (e.g. glibc).
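The workflow the two answers describe, as an added example that is not part of the issue thread or of the AFL++ project: it assumes an image named aflplusplus built from the AFLplusplus checkout, and a host project directory holding a libxml2 checkout, a harness.c that takes a file path argument, and a seed directory "in" (all constructed names).

```shell
#!/bin/sh
# Added example, not code from the issue or from AFL++. It puts the answers'
# advice into one script: build the image from the directory that holds the
# Dockerfile, import the host project with -v, build only the fuzzed library
# (libxml2, as in the thread) as a static .a, and link the harness against it
# with afl-clang-fast while glibc stays dynamically linked.
# Constructed names: image "aflplusplus"; $PROJECT_DIR holds a libxml2
# checkout, harness.c (takes a file argument) and a seed dir "in".
IMAGE=aflplusplus
PROJECT_DIR="${PROJECT_DIR:-$PWD/project}"

# docker build takes the directory containing the Dockerfile, not the file.
image_build_cmd() {
    printf 'docker build -t %s %s' "$IMAGE" "$1"
}

# -v needs an absolute host path; it is visible as /src inside the container.
container_run_cmd() {
    case "$1" in /*) ;; *) echo "host path must be absolute: $1" >&2; return 1 ;; esac
    printf 'docker run --rm -it -v %s:/src -w /src %s sh -c %s' "$1" "$IMAGE" "'$2'"
}

# Commands run inside the container. --disable-shared yields .libs/libxml2.a;
# libc is still linked dynamically, as the last answer recommends. Link flags
# (-lz -lm) are an assumption for a default libxml2 configuration.
inside_container_script() {
    cat <<'EOF'
set -e
(cd libxml2 && ./autogen.sh --disable-shared --without-python --without-lzma && make -j"$(nproc)")
afl-clang-fast -Ilibxml2/include -o harness harness.c libxml2/.libs/libxml2.a -lz -lm
afl-fuzz -i in -o out -- ./harness @@
EOF
}

main() {
    command -v docker >/dev/null 2>&1 || { echo "docker not installed" >&2; return 1; }
    # Non-root use needs membership in the docker group, which is effectively
    # root on the host; on shared machines prefer sudo, as the question does.
    eval "$(image_build_cmd "$PWD/AFLplusplus")"
    # Keep the build script on the mounted volume so it survives container exit.
    inside_container_script > "$PROJECT_DIR/build.sh"
    eval "$(container_run_cmd "$PROJECT_DIR" 'sh /src/build.sh')"
}

if [ "${RUN_AFL_EXAMPLE:-0}" = "1" ]; then main "$@"; fi
```

Run with RUN_AFL_EXAMPLE=1 once docker is available; without it the script only defines the helpers.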

