Date:      Mon, 10 Feb 1997 02:24:35 -0700 (MST)
From:      Marc Slemko <marcs@znep.com>
To:        tqbf@enteract.com
Cc:        freebsd-security@freebsd.org
Subject:   Re: Don't fulminate, be productive 
Message-ID:  <Pine.BSF.3.95.970210021858.11077f-100000@alive.ampr.ab.ca>
In-Reply-To: <19970210075217.22118.qmail@char-star.rdist.org>

On 10 Feb 1997 tqbf@enteract.com wrote:

> In article <Pine.BSF.3.95.970208171054.3343F-100000@alive.ampr.ab.ca>, you wrote:
> >Essentially what I did is go through the entire source line by line,
> >looking for anything that stood out as being suspicious.  Those things
> >include:
> 
> If you used "grep()" or pattern-searching in your editor to do this, you
> just missed the lpr card() hole. 
> 
> while(*c) *p++ = *c++;

Of course.  That is why I said line-by-line and why I don't find scripts
overly useful.  What I _do_ do is, after I go through the source, do a
quick grep on certain keywords to help find some of the things I may have
missed.  That one is an easy one to spot when scanning through the source
manually, since it just screams out "playing with string pointers".

When I was looking through some of the FreeBSD sources a while back, I
first looked through the source line by line, then did a grep to see if I
could notice anything I missed in my first run, then did a diff with the
OpenBSD source to see if I missed anything that was fixed there.

90% of security holes are easy to find in stuff like FreeBSD right now.
When the obvious ones get fixed, it will be more like 90% being hard to
find.
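
The copy loop quoted in this message, as an added example that is not part of the original e-mail and is not the lpr source: the loop contains no `strcpy`-style call for a keyword grep to hit, and it is shown beside a bounded form. The function names, buffer size and input string are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* The quoted pattern: copies until the source's NUL and never looks at
 * the size of the destination. Hypothetical wrapper, for comparison only. */
char *copy_unbounded(char *p, const char *c)
{
    while (*c)
        *p++ = *c++;
    return p;                   /* one past the last byte written */
}

/* Bounded form: the destination size is a parameter, copying stops one
 * byte short of the end, and the result is always NUL-terminated.
 * Returns 0 if all of src fit, -1 if it was truncated. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    char *p = dst;
    char *end;

    if (dstsize == 0)
        return -1;              /* no room even for the terminator */
    end = dst + dstsize - 1;    /* reserve the last byte for '\0' */
    while (*src && p < end)
        *p++ = *src++;
    *p = '\0';
    return *src ? -1 : 0;       /* leftover input means truncation */
}

int main(void)
{
    char small[8];
    char large[64];
    const char *field = "a-much-longer-field";  /* constructed input */

    /* Safe here only because the caller happens to know large[] is big
     * enough; nothing in the loop itself enforces that. */
    *copy_unbounded(large, field) = '\0';
    printf("unbounded into 64 bytes: %s\n", large);

    int rc = copy_bounded(small, sizeof small, field);
    printf("bounded into 8 bytes: rc=%d \"%s\"\n", rc, small);
    return 0;
}
```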



