Bugtraq mailing list archives

Re: StackGuard with ... Re: [Paper] Format bugs.


From: Theo de Raadt <deraadt () CVS OPENBSD ORG>
Date: Sun, 23 Jul 2000 14:56:59 -0600

> Theo de Raadt <deraadt () cvs openbsd org> wrote:
> > Automated tools do not help because you still have to check for the
> > last category by hand, so you might as well read everything.
>
> That's like saying "'Make' doesn't help, because you can always fall
> back to 'ls -l' and 'cc ...'"
>
> Automated tools HELP.  They are not ENOUGH.  I tried to make this
> clear in the documentation for my scanner.  An automated scanner can
> help to protect you against the obvious security bloopers.

But I insist; for me, as a source code auditor, tools like yours do
not help.

They are crutches.  I bet that most people will use your tool, and
then get a nice happy feeling thinking they are safe.

A complete source code read is needed.

I have deleted your comments on changing stdarg, since any changes
like that are not ever going to happen.

