Bugtraq mailing list archives
Re: StackGuard with ... Re: [Paper] Format bugs.
From: Theo de Raadt <deraadt () CVS OPENBSD ORG>
Date: Sun, 23 Jul 2000 14:56:59 -0600
Theo de Raadt <deraadt () cvs openbsd org> wrote:Automated tools do not help because you still have to check for the last category by hand, so you might as well read everything.That's like saying "'Make' doesn't help, because you can always fall back to 'ls -l' and 'cc ...'" Automated tools HELP. They are not ENOUGH. I tried to make this clear in the documentation for my scanner. An automated scanner can help to protect you against the obvious security bloopers.
But I insist; for me, as a source code auditor, tools like yours do not help. They are crutches. I bet that most people will use your tool, and then get a nice happy feeling thinking they are safe. A complete source code read is needed. I have deleted your comments on changing stdarg, since any changes like that are not ever going to happen.
Current thread:
- Re: StackGuard with ... Re: [Paper] Format bugs., (continued)
- Re: StackGuard with ... Re: [Paper] Format bugs. Hannah Schröter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Stephen J. Friedl (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Casper Dik (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. stanislav shalunov (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Daniel Jacobowitz (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 22)
- Re: StackGuard with ... Re: [Paper] Format bugs. Keith Owens (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 24)
- Chasing bugs / vulnerabilties Michael S Hines (Jul 24)
- Re: Chasing bugs / vulnerabilties Kurt Seifried (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Pascal Bouchareine (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format Ronald Huizer [Crew] (Jul 24)
- More bad censorware John Pettitt (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Gerardo Richarte (Jul 24)
- Trustix Security Advisory - nfs-utils Oystein Viggen (Jul 18)