From: James Antill (jamesand.org)
Date: Tue May 29 2001 - 12:22:56 CDT
Horst von Brand <vonbrandinf.utfsm.cl> writes:
> Markus Friedl <markus.friedlinformatik.uni-erlangen.de> said:
> > On Sun, May 27, 2001 at 02:50:43AM -0700, Crispin Cowan wrote:
> > > WireX is pleased to announce the broad release of FormatGuard 1.0, the
> > > latest member of the Immunix security tool suite. Similar to StackGuard
> > > http://immunix.org/stackguard.html , FormatGuard provides run-time
> > > protection against printf format string vulnerabilities
> > > http://www.securityfocus.com/archive/1/81565
> > nice. i assume that formatguard led to the discovery of many format
> > string bugs. do you have a list of problems discovered by formatguard?
> > do you have a collection of bugfixes that can be shared with the
> > public?
> For constant format strings, gcc will catch them if given correct
> prototypes (i.e., when using glibc's headers). This will even catch errors
> in functions that use the same format conventions (given the right
> prototypes), but have nothing else in common with printf and ilk.
> So I suspect the number of errors caught is minor.
The number will possibly be low, but each incident will probably be
serious. I'm also not sure which version of gcc you're talking about,
I'd heard that people were trying to get something in for gcc-3.0 but
as far as I know it wouldn't be anything that would warn on one of the
    const char *tmp = /* blah */;
    const char *tmp = "blah";
...the first possibly being bad, and the second being ok. The idea
being that the new warning in gcc would just warn if the fmt argument
wasn't inline (which may be useful but I'm not sure how many would add
--
# James Antill -- jamesand.org
:0:
* ^From: .*jamesand\.org
/dev/null
_______________________________________________ Immunix-users mailing list Immunix-usersmail.wirex.com http://mail.wirex.com/mailman/listinfo/immunix-users
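
The two points raised in this exchange, as an added C example that is not part of the original message or of FormatGuard: a function given a printf-style prototype is checked by gcc when its format is constant, while a format that only exists at run time is outside that check. The names `log_msg`, `log_unchecked` and `log_checked` are hypothetical, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logger (not from the thread). The attribute tells gcc that
 * argument 3 is a printf-style format and the values start at argument 4,
 * so calls with a constant format are type-checked like printf itself. */
__attribute__((format(printf, 3, 4)))
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* The pattern the compile-time check cannot vouch for: the format is a
 * runtime value. Current gcc reports it under -Wformat-security; the
 * pragmas silence that here so the contrast below can be compiled. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int log_unchecked(char *out, size_t n, const char *text)
{
    return log_msg(out, n, text);      /* text is parsed as a format */
}
#pragma GCC diagnostic pop

/* Corrected form: constant format, runtime data passed as an argument. */
static int log_checked(char *out, size_t n, const char *text)
{
    return log_msg(out, n, "%s", text);
}

int main(void)
{
    /* Constructed input; "%%" is the only conversion, so both calls are
     * well defined, yet the two functions produce different output. */
    const char *input = "load 100%% [ok]";
    char a[64], b[64];
    log_unchecked(a, sizeof a, input);
    log_checked(b, sizeof b, input);
    printf("unchecked: %s\nchecked:   %s\n", a, b);
    return strcmp(a, b) == 0;          /* exits 0 because they differ */
}
```

Removing the pragmas and compiling with `gcc -Wformat -Wformat-security` makes the compiler flag the call inside `log_unchecked`.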