Subject: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 08/06/2002 14:54:28
Why is "pscan" in the "net" category? From the description file:
PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).
The Makefile gives a slightly better definition, though it has its
priority ordering backwards:
CATEGORIES= security devel
It's primarily a development tool, with potential use for detecting what
might eventually end up as security issues in applications.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>