
How to disable/configure SystemSan?

Open nikic opened this issue 3 years ago • 4 comments

For the PHP project, we have a number of fuzzers that essentially execute arbitrary code. For those fuzzers reading arbitrary files is expected, and even writing them is only a fuzzer quality problem (we do try to blacklist such functions just to limit corruption).

Is there some way to disable SystemSan or configure it to not report certain issues?

nikic, Sep 14 '22 20:09

Yes, there will be a way to configure SystemSan.

Right now we are not filing bugs automatically for such issues until we have that mechanism in place.

oliverchang, Sep 15 '22 05:09

Even if no issues are filed, they still abort fuzzing. The reason why I noticed this is that I looked at fuzzer statistics and noticed a very high percentage of startup crashes caused by this. It doesn't help that the error doesn't contain a backtrace, so it's hard to figure out where the FS access comes from, if you have hundreds of places that could perform one.

nikic, Sep 15 '22 06:09

That's a very good point.

We currently only enable this in 10% of all of our runs, and will be adding capabilities very soon to configure the checks to enable per target.

Does 10% still sound too high in the meantime?

oliverchang, Sep 16 '22 04:09

It turns out that the "arbitrary file open" was caused by an rpath being set, which resulted in attempts to load libraries like /ORIGIN/lib/glibcs..., which meant that all our fuzzers were crashing in 10% of runs. After dropping the (no longer used) rpath, the situation looks better, in that it only affects the "arbitrary code execution" fuzzers now, and the percentage is less than 10%. So I think this is okay in the meantime.

nikic, Sep 19 '22 18:09

By the way, this false positive should be fixed by https://github.com/google/oss-fuzz/pull/8562, which just got merged.

catenacyber, Sep 27 '22 12:09