Download Presentation

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
Document related concepts

One-pass compiler wikipedia , lookup

Pwn2Own wikipedia , lookup

Transcript 
FlawFinder
Chris Durham
CS297
June 30th, 2005
What is FlawFinder?
●
Unix/Linux Static Analysis Tool
●
For C/C++ application code
●
Written in Python
●
Built-in 'dictionary' of vulnerabilities
–
Give it a directory of source code
–
produces a list of vulnerabilities by filename/line
number/function, and summary report
Vulnerability Levels
Six vulnerability levels, but not exactly defined:
0: comment/miscellaneous
1: string length/null termination
2: fixed length array access, string copies, temp file creation
3: environment manipulation/access; commmand line parsing
4: printf() family vulnerabilities, some race conditions
5: other race conditions
Besides what you would expect...
The previous slide shows that flawfinder checks for a
number of standard C vulnerabilities. But it also
checks for a number of more esooteric but common
Unix OS system call vulnerabilities, and it considers
system call race conditions to be high risk (level 4 and
5).
My Test
●
●
●
●
●
Sendmail Source: 8.13.1
Flawfinder found 1293 potential vulnerabilities, 4
level 5s
Spot check of levels 0-4: false positives
Level 5: reviewed each vulnerability, found that
all but one was a false positive
Last one: probably also a false positive involving
OS guarantee that filenames have trailing nulls
Summary
●
●
●
Flawfinder does not do context checking, thus
checks against a static list of pre-definied
potential issues
Hard to add new checks: have to edit the python
source
Good as an initial check, but you must do our
own analysis
Let's take a look!
http://www.cbdurham.org/flawfinder
References
Flawfinder Home page:
http://www.dwheeler.com/flawfinder
Linux Secure Programming HOWTO:
http://www.dwheeler.com/secure-programs
Checking for Race Conditions in File Accesses, Matt Bishop and Matt Dilger, UCSD
http://www.cs.ucsb.edu/~vigna/courses/CS595/bishop96-race_conditions.pdf
RATS page:
http://www.securesoftware.com/resources/tools.html
Related documents
Cybersecurity of Medical Devices
Cybersecurity of Medical Devices
This Article argues that intellectual property law stifles critical
This Article argues that intellectual property law stifles critical
Overview of the SSNAPP Methodology
Overview of the SSNAPP Methodology
Liability Regimes
Liability Regimes
Careless Delegation of Trust
Careless Delegation of Trust
Vulnerability
Vulnerability
Role of Web Application Vulnerabilities in Information
Role of Web Application Vulnerabilities in Information
Vulnerability Management
Vulnerability Management
Operating System Security Chapter 9 Operating System Security
Operating System Security Chapter 9 Operating System Security
Predicting zero-day software vulnerabilities through data mining Su
Predicting zero-day software vulnerabilities through data mining Su