Nix + Automated Fuzz Testing Finds Bug In PDF Parser

[Michael Lynch]’s write-up of his adventures in configuring Nix to automate fuzz testing is a lot of things all rolled into one. It’s not only a primer on fuzz testing (a method of finding bugs) but it’s also a how-to on automating the setup using Nix (which is a lot of things, including a kind of package manager) as well as useful info on effectively automating software processes.

[Michael] not only walks through how he got it all up and running in a simplified and usefully-portable way, but he actually found a buffer overflow in pdftotext in the process! (Turns out someone else had reported the same bug a few weeks before he found it, but it demonstrates everything regardless.)

[Michael] chose fuzz testing because, while using it to find security vulnerabilities is conceptually simple, actually doing it tends to require setting up a test environment with a complex workflow and a lot of dependencies. The result has a high degree of task specificity, and isn’t very portable or reusable. Nix allowed him to really simplify the process while also making it more adaptable. Be sure to check out part two, which goes into detail about how exactly one goes from discovering an input that crashes a program to tracking down (and patching) the reason it happened.

Making fuzz testing easier (and in a sense, cheaper) is something people have been interested in for a long time, even going so far as to see whether pressing a stack of single-board computers into service as dedicated fuzz testers made economic sense.

4 thoughts on “Nix + Automated Fuzz Testing Finds Bug In PDF Parser”

  1. Nice to see Nix mentioned on here. Hackaday in particular has so many writeups where the author is simply spending the whole time talking about how to install some tooling to do what they did. The maker community seems a little late to the party on Nix vs. the Linux

  2. This is funny but nice. I read through the tutorial, and I really liked the tone of it. I got down to the end to find out he has also written a book on technical writing. If this is an example of what the book teaches, I am going to check that out.

    1. He’s pretty clear that he does mean Nix (the ~package manager) rather than NixOS, and in fact even mentions that to some extent you can do this on MacOS.

      That said, it does seem like an overarching philosophy as much as a tool, and as such it probably makes more sense to consider the NixOS project as a whole. Other platforms really, really don’t need additional package managers and build tools, even if they’re better than the current options.

      Personally I think this NixOS idea sounds interesting, but also like more of a time sink than I’ve been ready to engage with so far.
