> Most of these are situations similar to the halting problem on a Turing
> machine so you are unlikely to get an error-free checker. But if your
> checker complains about all the possible security holes, it will complain
> about nearly every construct used within C programs.
I'm auditing one of our daemons, written in C. I've run it through various source code checkers and that is useful; I found something that could be exploitable using this. In our environment, it is not a problem, but we'll fix it and we all learn something. These tools are useful to find obvious problems or problems that have a pattern.

Now, after using these tools, I have to look over the code, and it cannot be code that I wrote. I don't think there's a substitute for serious code review.

If you want to make a better tool, please do. I'll use it and if it's good, I might help...

Todd Burroughs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
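To make the point of the thread concrete (pattern-based checkers catch the obvious cases but also flag code that is already guarded, so a human still has to read the results), here is an added example of a minimal pattern-matching checker. It is not from the original post, not one of the tools the poster used, and not the daemon being audited; the C source it scans, the PATTERNS table and the guarded_by_length_check heuristic are all constructed for illustration.

```python
import re

# Constructed sample C source for the checker to scan (not the poster's daemon).
# real_bug() is a genuine overflow, false_positive() is guarded one line earlier,
# fine() uses a bounded call and should not be flagged at all.
SAMPLE_C = """\
#include <string.h>
#include <stdio.h>

void real_bug(const char *arg) {
    char buf[64];
    strcpy(buf, arg);            /* no length check: overflow if arg > 63 bytes */
}

void false_positive(const char *arg) {
    char buf[64];
    if (strlen(arg) >= sizeof buf)
        return;
    strcpy(buf, arg);            /* guarded above, but a pattern checker still flags it */
}

void fine(const char *arg) {
    char buf[64];
    snprintf(buf, sizeof buf, "%s", arg);
}
"""

# Hypothetical pattern table: function name -> why a checker complains about it.
PATTERNS = {
    "strcpy": "unbounded copy into destination",
    "strcat": "unbounded append",
    "sprintf": "unbounded format into buffer",
    "gets": "never safe",
}

# \b keeps "snprintf" from matching the "sprintf" pattern.
CALL_RE = re.compile(r"\b(" + "|".join(PATTERNS) + r")\s*\(")


def find_pattern_hits(source):
    """Return (line_number, function, reason) for every textual call to a flagged function."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("/*", 1)[0]  # do not match inside trailing comments
        for m in CALL_RE.finditer(code):
            name = m.group(1)
            hits.append((lineno, name, PATTERNS[name]))
    return hits


def guarded_by_length_check(source, lineno, window=3):
    """Crude heuristic (an assumption of this example): a strlen()/sizeof comparison
    within the preceding few lines counts as a guard. It is easy to fool in both
    directions, which is exactly why the output still needs a reviewer."""
    lines = source.splitlines()
    start = max(0, lineno - 1 - window)
    context = "\n".join(lines[start:lineno - 1])
    return "strlen(" in context and "sizeof" in context


def classify(source):
    """Every hit is reported; 'guarded' only lowers priority, it never suppresses."""
    out = []
    for lineno, name, reason in find_pattern_hits(source):
        out.append({
            "line": lineno,
            "call": name,
            "reason": reason,
            "guarded": guarded_by_length_check(source, lineno),
        })
    return out


if __name__ == "__main__":
    for h in classify(SAMPLE_C):
        tag = "guarded?" if h["guarded"] else "REVIEW"
        print(f"{h['line']:3}: {tag:8} {h['call']}() - {h['reason']}")
```

Run against the sample, both strcpy() calls are reported and snprintf() is not; the heuristic marks the second hit as guarded, but that is a hint for the reviewer, not a verdict, since the checker never proves that the guard actually dominates the call.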