|
|
|
|
|
|
by stevekemp
2251 days ago
|
|
|
I used to do it, every time I installed a new package/game/service I'd look at the code. That resulted in a whole bunch of security reports. I still do it for fun, but not methodically, and not regularly. It's a great way to look at code, to learn, and sometimes it pays off. e.g. Reporting a bunch of trivial predictable filename issues in GNU Emacs, including something referring to the (ancient) Mosiac support: https://bugs.debian.org/747100 Fuzzing is definitely useful, and I've reported issues in awk, etc, but fuzzing tends to be used when you have a specific target in mind. I'd rarely make the effort to recompile a completely random/unknown binary with instrumentation for that. |
|
|