You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think it would be great if it was possible to skip destructive methods when dfuzzer is privileged enough to actually call them and call them when it's unprivileged. It should make it possible to poke all those polkit/dbus rules.
(Just filing it as a new issue, so it won't get lost)
One potential solution could be, maybe, introducing "destruct-ability levels", that would be paired with a corresponding dfuzzer option. I.e. you would have levels 0 and 1 defined as "always destructive" and "destructive when privileged", then some kind of tag that could be used in the suppression file, and then by running dfuzzer --level=1 you'd run only "destructive when privileged" methods + any untagged methods. Similarly, --level=0 would run all methods from the previous case + "always destructive" ones. Or something like that. Just an idea I got after reading #140 (comment).
and run methodA in unprivileged mode. In privileged mode they both would be skipped. The modes could be detected automatically depending on whether dfuzzer is run as root or not.
--level=0 would run all methods from the previous case + "always destructive" ones
Having thought about this I think it can't be covered because if all the methods were allowed in privileged mode dfuzzer would just reboot the machine before it could reach the other methods.
Originally posted by @evverx in #140 (comment)
The text was updated successfully, but these errors were encountered: