From: Marc Slemko
Date: Mon, 10 Feb 1997 02:24:35 -0700 (MST)
To: tqbf@enteract.com
cc: freebsd-security@freebsd.org
Subject: Re: Don't fulminate, be productive
In-Reply-To: <19970210075217.22118.qmail@char-star.rdist.org>

On 10 Feb 1997 tqbf@enteract.com wrote:

> In article , you wrote:
> >Essentially what I did is go through the entire source line by line,
> >looking for anything that stood out as being suspicious. Those things
> >include:
>
> If you used "grep()" or pattern-searching in your editor to do this, you
> just missed the lpr card() hole.
>
> while(*c) *p++ = *c++;

Of course. That is why I said line-by-line and why I don't find scripts
overly useful. What I _do_ do is, after I go through the source, do a
quick grep on certain keywords to help find some of the things I may have
missed. That one is an easy one to spot when scanning through the source
manually, since it just screams out "playing with string pointers".
When I was looking through some of the FreeBSD sources a while back, I first looked through the source line by line, then did a grep to see if I could notice anything I missed in my first run, then did a diff with the OpenBSD source to see if I missed anything that was fixed there. 90% of security holes are easy to find in stuff like FreeBSD right now. When the obvious ones get fixed, it will be more like 90% being hard to find.
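The copy loop quoted in the thread is an unbounded string copy with no library call for a keyword grep to hit, which is the point being made about reading line by line. As an added example (not code from the thread or from lpr itself), here is a constructed model of that pattern writing a one-character tag, a string and a newline into a fixed-size control buffer, beside a bounded version that rejects an entry that does not fit; the function names and buffer size are assumptions for the demo.

```c
#include <stddef.h>
#include <string.h>

#define CARD_BUF 32  /* deliberately small fixed buffer for the demo */

/* Unbounded form of the pattern: the loop copies until NUL, so a string
 * longer than the buffer overwrites whatever follows it. Kept here only
 * to show the shape a grep for strcpy()/strcat() would never flag.
 * Only call it with input known to fit. */
size_t card_unbounded(char *buf, int tag, const char *s)
{
    char *p = buf;
    *p++ = (char)tag;
    while (*s)
        *p++ = *s++;          /* no length check at all */
    *p++ = '\n';
    return (size_t)(p - buf);
}

/* Bounded form: compute the space the entry needs (tag + text + newline)
 * before copying and report failure rather than truncating silently.
 * Returns bytes written, or 0 if the entry does not fit. */
size_t card_bounded(char *buf, size_t bufsz, int tag, const char *s)
{
    size_t need = 2 + strlen(s);
    char *p = buf;
    if (bufsz < need)
        return 0;
    *p++ = (char)tag;
    while (*s)
        *p++ = *s++;          /* safe: length verified above */
    *p++ = '\n';
    return need;
}

/* Wrapper over a fixed-size control buffer, the way an auditor would meet
 * the pattern in practice: returns 1 on success, 0 if the entry was
 * rejected; *written receives the byte count (0 on rejection). */
int add_card(int tag, const char *s, char out[CARD_BUF], size_t *written)
{
    *written = card_bounded(out, CARD_BUF, tag, s);
    return *written != 0;
}
```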