|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: ANNOUNCE: PScan, a simple security scanner.
From: Alan DeKok (aland
STRIKER.OTTAWA.ON.CA)Date: Fri Jul 07 2000 - 13:47:13 CDT
- Next message: Roger Espel Llima: "Re: ftpd and setproctitle()"
- Previous message: D. J. Bernstein: "Re: ftpd and setproctitle()"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ This should probably wait until Monday to be released ... ]
I've written a simple GPL'd security scanner for the classic
problems of printf-style functions, where a variable contains
formatting characters. e.g.:
variable = "%s"; /* or malicious user input */
sprintf(buffer, variable); /* BAD! */
The preferred solution would be to call sprintf in the following
manner:
sprintf(buffer, "%s", variable); /* Probably OK */
That's really all it does. But it does allow for user supplied
per-application configuration files for problematic functions.
The URL is: http://www.striker.ottawa.on.ca/~aland/pscan/
I've taken the liberty of scanning the latest wu-ftpd source, and
posting the results on the web page. I've checked the result, and
didn't see any obviously exploitable holes, but the wu-ftpd people may
want to double-check that themselves.
I took some care to minimize the number of false positives that the
program produces, and to make the output and documentation clear.
That should help to make it a useful program, which can be one more
step in securing your programs.
Alan DeKok.
- Next message: Roger Espel Llima: "Re: ftpd and setproctitle()"
- Previous message: D. J. Bernstein: "Re: ftpd and setproctitle()"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]