Forkfuzz: Leveraging the Fork-Awareness in Coverage-Guided Fuzzing

19 Jan 2024
Marcello Maugeri, Cristian Daniele, Giampaolo Bella
Abstract
Fuzzing is a widely adopted technique for automated vulnerability testing due to its effectiveness and applicability throughout the Software Development Life Cycle. Nevertheless, applying fuzzing ‘out of the box’ to any system can prove to be a challenging endeavour. Consequently, the demand for target-specific solutions necessitates a substantial amount of manual intervention, which diverges from the automated nature typically associated with fuzzing. For example, prior research identified the lack of a solution for testing multi-process systems effectively. The problem is that coverage-guided fuzzers do not consider the possibility of having a system with more than one process. In this paper, we present Forkfuzz, a ‘fork-aware’ fuzzer able to deal with multi-process systems. To the best of our knowledge, Forkfuzz is the first fork-aware fuzzer. It is built on top of Honggfuzz, one of the most popular and effective coverage-guided fuzzers, as reported by the Fuzzbench benchmark. To show its effectiveness, we tested our fuzzer over two classical programming problems: the Dining Philosophers Problem and a version of the Producer-Consumer Problem where the consumer (the child) process crashes for specific inputs. Furthermore, we evaluated Forkfuzz against a real and more complex scenario involving an HTTP server that handles multiple connections through multiple processes. The results of our evaluation demonstrate the effectiveness of Forkfuzz in identifying crashes and timeouts. Finally, we discuss possible improvements and challenges for the development and application of fork-aware fuzzing techniques.
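The abstract's Producer-Consumer scenario, in which the child process crashes for specific inputs, can be made concrete with the following C program. It is an added illustration written for this page and is not code from Forkfuzz or Honggfuzz; the crashing input ("BOOM"), the function names and the harness structure are constructed assumptions. The parent forks a consumer child, waits for it and returns. A harness that only observes the parent's outcome (naive_harness) reports no crash even when the child dies with SIGSEGV, which is the blind spot the paper describes; a fork-aware harness (fork_aware_harness) inspects the child's wait status and surfaces the terminating signal.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed consumer: the child crashes (SIGSEGV) only for the
 * input "BOOM"; every other input is consumed without incident. */
static void consume(const unsigned char *buf, size_t len) {
    if (len >= 4 && memcmp(buf, "BOOM", 4) == 0) {
        raise(SIGSEGV);   /* stands in for a real memory-safety bug */
    }
}

/* Producer: fork a consumer child, hand it the input and collect its
 * wait status. Returns 0 on success, -1 if fork/waitpid fail. */
static int run_pipeline(const unsigned char *buf, size_t len, int *child_status) {
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        consume(buf, len);
        _exit(0);         /* clean child exit */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    *child_status = status;
    return 0;
}

/* Naive harness: only the parent's survival is observed. Returns 0
 * ("no crash") regardless of what happened to the child. */
int naive_harness(const unsigned char *buf, size_t len) {
    int status = 0;
    if (run_pipeline(buf, len, &status) != 0) {
        return -1;
    }
    return 0;             /* the child's fate is never consulted */
}

/* Fork-aware harness: returns the signal that killed the child
 * (e.g. SIGSEGV), or 0 if the child exited normally. */
int fork_aware_harness(const unsigned char *buf, size_t len) {
    int status = 0;
    if (run_pipeline(buf, len, &status) != 0) {
        return -1;
    }
    if (WIFSIGNALED(status)) {
        return WTERMSIG(status);
    }
    return 0;
}

int main(void) {
    const unsigned char *inputs[] = {
        (const unsigned char *)"safe", (const unsigned char *)"BOOM"
    };
    for (size_t i = 0; i < 2; i++) {
        printf("input=%s naive=%d fork_aware=%d\n", inputs[i],
               naive_harness(inputs[i], 4),
               fork_aware_harness(inputs[i], 4));
    }
    return 0;
}
```

Running the program shows the two harnesses agree on "safe" but disagree on "BOOM": the naive harness reports 0 for both, while the fork-aware harness returns the child's terminating signal for the crashing input. A coverage-guided fuzzer that only watches the parent would therefore never record this crash, which is the gap fork-aware fuzzing closes.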
Type: Publication
Venue: SecAssure 2023