(Small) software that needs code audit

Wart wart at kobold.org
Wed May 31 14:46:32 UTC 2006


Hans de Goede wrote:
> Hi,
> 
> As some of you already know I'm a computer science teacher at a Dutch
> university. Currently I'm giving a course about security.
> 
> For my next practical lesson I want my students to do an audit of a small
> piece of C code. Nothing fancy really, just looking for sprintf instead
> of snprintf, gets instead of fgets, etc. And format string vulnerabilities.
> 
> Does anyone know of some (small!) piece of software in Fedora (Extras)
> that could benefit from this?
> 
> And are there any other simple checks my students could do?
> 
> Any findings will of course be published.

Many of the games in the bsd-games package are fairly small (one or two
.c files) and could probably use an audit.  Since most of them don't run
setgid, and drop any gid privileges before doing anything anyway,
security hasn't been an issue with them.

--Mike
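
The three checks named in the quoted request (sprintf instead of snprintf, gets instead of fgets, format strings), as an added example that is not part of the original thread and not code from bsd-games: each call an auditor would flag appears in a comment beside a bounded replacement that also reports truncation. The function names and sample strings are hypothetical.

```c
/* Added example: hypothetical helper names, not code from bsd-games.
 * Each flagged call is shown in a comment beside a bounded replacement. */
#include <stdio.h>
#include <string.h>

/* Flagged: gets(buf);  (no limit on how much input is stored)
 * Returns 0 if the line fit, 1 if excess was discarded, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit; drop newline */
        return 0;
    }
    int c, dropped = 0;                 /* drain the rest of a long line */
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped;
}

/* Flagged: sprintf(out, "%s scored %d", name, score);
 * Returns 0 if the text fit, 1 if snprintf() truncated it, -1 on error. */
int format_score(char *out, size_t size, const char *name, int score)
{
    int n = snprintf(out, size, "%s scored %d", name, score);
    if (n < 0)
        return -1;
    return (size_t)n >= size;
}

/* Flagged: fprintf(log, msg);  (msg is interpreted as a format string)
 * Constant format instead; returns the byte count like fprintf(). */
int log_message(FILE *log, const char *msg)
{
    return fprintf(log, "%s\n", msg);
}

int main(void)
{
    char out[16];   /* constructed input: name too long for out[] */
    int truncated = format_score(out, sizeof out, "a-very-long-player-name", 7);
    log_message(stdout, out);           /* prints the truncated text */
    return truncated == 1 ? 0 : 1;
}
```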




More information about the fedora-extras-list mailing list