
Re: (Small) software that needs code audit



Hans de Goede wrote:
> Hi,
> 
> As some of you already know I'm a computer science teacher at a Dutch
> university. Currently I'm giving a course about security.
> 
> For my next practical lesson I want my students to do an audit of a small
> piece of C-code. Nothing fancy really just looking for sprintf instead
> of snprintf, gets instead of fgets, etc. And format string vulnerabilities.
> 
> Does anyone know of some (small!) piece of software in Fedora (Extras)
> that could benefit from this?
> 
> And are there any other simple checks my students could do?
> 
> Any findings will of course be published.

Many of the games in the bsd-games package are fairly small (one or two
.c files) and could probably use an audit.  Since most of them don't run
setgid, and drop any gid privileges before doing anything anyway,
security hasn't been an issue with them.

--Mike
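
The checks named in the quoted request (sprintf instead of snprintf, gets instead of fgets, format strings that are not literals) can be run as a first pass over a small C file before reading it by hand. The script below is an added example, not part of either message; `SAMPLE` is constructed input, and the scanner assumes each call fits on one line and does not strip comments.

```python
import re
# Constructed sample input (not taken from bsd-games or any real package).
SAMPLE = r'''
gets(name);
sprintf(msg, "hello, %s (%d)", name, 1);
printf(msg);
printf("%s\n", msg);
fprintf(stderr, argv[1]);
snprintf(msg, sizeof(msg), "%s", name);
fgets(name, sizeof(name), stdin);
'''
UNBOUNDED = {"gets": "fgets", "sprintf": "snprintf"}   # unbounded -> bounded
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2}
CALL = re.compile(r"\b(gets|sprintf|snprintf|fprintf|printf)\s*\(")

def split_args(s):
    """Split the text after a call's '(' at top-level commas."""
    args, depth, in_str = [""], 0, False
    chars = iter(s)
    for ch in chars:
        if in_str:
            if ch == "\\":
                ch += next(chars, "")      # keep the escaped character
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch in "()":
            depth += 1 if ch == "(" else -1
            if depth < 0:                  # closing paren of the call itself
                break
        elif ch == "," and depth == 0:
            args.append("")
            continue
        args[-1] += ch
    return [a.strip() for a in args]

def audit(source):
    """Return (line number, function, finding) tuples for single-line calls."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in CALL.finditer(line):
            fn, args = m.group(1), split_args(line[m.end():])
            if fn in UNBOUNDED:
                findings.append((no, fn, "unbounded write, use " + UNBOUNDED[fn]))
            idx = FORMAT_ARG.get(fn)
            if idx is not None and idx < len(args) and not args[idx].startswith('"'):
                findings.append((no, fn, "format argument is not a string literal"))
    return findings
```

Each finding is a pointer for manual review: whether a flagged call is exploitable still depends on where the buffer and the format argument come from.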

