I am currently a student at a university studying a computing related degree and my current project is focusing on finding vulnerabilities in the Linux kernel. My aim is to both statically audit as well as ‘fuzz’ the kernel (targeting version 3.0) in an attempt to find a vulnerability.

My first question is ‘simple’ is fuzzing the Linux kernel possible? I have heard of people fuzzing plenty of protocols etc. but never much about kernel modules. I also understand that on a Linux system everything can be seen as a file and as such surely input to the kernel modules should be possible via that interface shouldn’t it?

My second question is: which fuzzer would you suggest? As previously stated lots of fuzzers exist that fuzz protocols however I don’t see many of these being useful when attacking a kernel module. Obviously there are frameworks such as the Peach fuzzer which allows you to ‘create’ your own fuzzer from the ground up and are supposedly excellent however I have tried repeatedly to install Peach to no avail and I’m finding it difficult to believe it is suitable given the difficulty I’ve already experienced just installing it (if anyone knows of any decent installation tutorials please let me know :P).

I would appreciate any information you are able to provide me with this problem. Given the breadth of the topic I have chosen, any idea of a direction is always greatly appreciated. Equally, I would like to ask people to refrain from telling me to start elsewhere. I do understand the size of the task at hand however I will still attempt it regardless (I’m a blue-sky thinker 😛 A.K.A stubborn as an Ox)

Cheers

A.Smith