From: puja (puja.puri_at_cdac.ernet.in)
Date: Sat Oct 26 2002 - 04:24:06 CDT

    Thanks for the reply.
    Can you please name some freely available packages (which you are
    referring to in your mail), which can be used to find whether the code
    is vulnerable or not.
    Actually, as I said earlier, I have bought the code from some third
    party, and since its size is very big, it's not possible to tell its
    programmers to explain each and every part of it.

    I am currently using its4(), a tool for static code analysis. It warns me
    of the use of functions like strcat() which are vulnerable and advises to
    use strncat instead. This doesn't completely fulfill my requirement.

    I want to ensure that the code doesn't contain any malicious code or
    any backdoors which might be dangerous for my system.

    Regards
    Puja Puri

    Dharmendra.T wrote:

    >There are some packages using which you can see whether the code is
    >vulnerable or not. Or give it to the programmers and tell them to explain
    >the code and what it does. Best place to get this is freshmeat.net
    >
    > Another way is to run it on a separate machine which is not connected to
    >the network and see whether it opens any port at any time (by seeing the
    >log files you should know this.)
    >Regards
    >Dharmendra.T
    >Linux Security Expert
    >www.nsecure.net
    >----- Original Message -----
    >From: "puja" <puja.puricdac.ernet.in>
    >To: <security-auditferret.lmh.ox.ac.uk>
    >Sent: Saturday, October 26, 2002 12:32 PM
    >Subject: Detecting Malicious code
    >
    >
    >>Hello list
    >>
    >>I am new to this list. Please excuse me if this is not the right place
    >>to ask this question.
    >>
    >>Linux Security Audit Project is for security and auditing of free
    >>available software.
    >>But I have bought a code from some third party ( i.e. it is not a freely
    >>available software ). I want to ensure that it doesn't contain any
    >>malicious code or any backdoors which might be dangerous for my system.
    >>How can I ensure this ?
    >>
    >>thanks in advance
    >>
    >>Regards
    >>Puja Puri
    >>
    >>
    >
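
The check suggested in the quoted reply (run the code on an isolated machine and see whether it opens a port) can be done by comparing listening sockets before and after the program starts. This is an added example, not part of the original thread; it assumes the Linux /proc/net/tcp format on a little-endian host, and both snapshots are constructed sample data.

```python
import socket

LISTEN = "0A"  # TCP_LISTEN state code as printed in /proc/net/tcp

# Constructed snapshot taken before starting the program under review.
BASELINE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1187 1 0000000000000000 100 0 0 10 0
"""

# Constructed snapshot taken while the program is running.
AFTER = BASELINE + """\
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4410 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 4411 1 0000000000000000 100 0 0 10 0
"""


def listeners(proc_net_tcp_text):
    """Return {(ip, port): uid} for every IPv4 socket in LISTEN state."""
    found = {}
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue  # malformed row, or an established/closing connection
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order;
        # reversing the bytes assumes a little-endian machine (e.g. x86).
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        found[(ip, int(hex_port, 16))] = int(fields[7])  # fields[7] is the owning uid
    return found


def new_listeners(before_text, after_text):
    """Listening sockets present in the second snapshot but not in the first."""
    before, after = listeners(before_text), listeners(after_text)
    return {key: after[key] for key in after.keys() - before.keys()}


if __name__ == "__main__":
    for (ip, port), uid in sorted(new_listeners(BASELINE, AFTER).items()):
        print(f"new listener {ip}:{port} owned by uid {uid}")
```

On a real test machine, save the contents of /proc/net/tcp before and after launching the program and pass the two files' text to new_listeners(); IPv6 and UDP sockets live in separate /proc/net files that this example does not read.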