Oops! Now I'm reading the second part of your mail (sorry, I'm
multitasking here :).
I don't know of any good tool to analyze software security. When I have
to do that kind of work, I basically do this:
- Build a quick schema of the object/function dependencies and
functionality, identifying the critical ones for the object of the
job.
- Run some grep/perl script to find all the lines with syscalls, sockets,
identified critical functions, etc. inside the code, and then I analyze
the context of those calls.
It is hard work and takes time. For the binary part, you can use a hash
check (SHA-1, etc.) or something like that if you have a trusted binary.
If not, you can run the code in some kind of sandbox or debugger that
breaks every time a defined syscall is called and analyze the execution
context... this is not a "complete" method; I mean, maybe some malicious
behavior can escape this kind of analysis.
Another way is to disassemble the code and apply a source code analysis to
that... If you're going to do that, I recommend a good deal of
beer... trust me, you'll need it :)
regards, Mauro Flores
On Wed, 2005-08-31 at 12:52 +0000, anceky_at_yahoo.com.br wrote:
> Can anyone tell me some references (sites, articles) about Linux free software auditing?
>
> I need procedures, tools, tips to analyse the software security (source and binary format) and avoid malicious behaviour like not authorized network connections, suspect syscalls, ...
>
> Thanks.
>
Received on Sep 05 2005
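
The grep step described in the reply above, as an added example that is not part of the original mail: a POSIX shell sketch that lists call sites of security-sensitive functions in a C source tree, grouped by category, so each hit can be opened and read in context. The call lists, the function names (scan_calls, audit_tree, count_hits, make_sample) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag security-sensitive call sites in a C tree for manual review.
# The call lists below are assumptions; extend them for the code under audit.
NET_CALLS='socket|connect|bind|listen|accept|sendto|recvfrom|gethostbyname|getaddrinfo'
EXEC_CALLS='system|popen|execl|execlp|execle|execv|execvp|execve|fork|dlopen|ptrace'
PRIV_CALLS='setuid|setgid|chmod|chown|unlink|mkfifo'

# scan_calls DIR PATTERN: print "file:line:text" for each call to a listed function.
# The leading character class keeps my_connect_helper() from matching connect().
scan_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nHE "(^|[^A-Za-z0-9_])($2)[[:space:]]*\\(" {} + 2>/dev/null
}

# audit_tree DIR: one section per category; an empty section means no hits.
audit_tree() {
    for entry in "network:$NET_CALLS" "process:$EXEC_CALLS" "privilege:$PRIV_CALLS"; do
        printf '== %s ==\n' "${entry%%:*}"
        scan_calls "$1" "${entry#*:}" || true
    done
}

# count_hits DIR PATTERN: number of matching lines, for a quick triage summary.
count_hits() {
    scan_calls "$1" "$2" | wc -l | tr -d ' '
}

# make_sample DIR: write a constructed C file (not from any real project) to scan.
make_sample() {
    cat > "$1/sample.c" <<'EOF'
#include <sys/socket.h>
/* constructed sample */
int phone_home(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    connect (fd, 0, 0);
    return my_connect_helper(fd);
}
void run(const char *cmd) { system(cmd); }
int websocket_count;
EOF
}

# Usage: sh audit.sh /path/to/source
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

A textual match only says where to look: calls made through function pointers, macros or raw syscall numbers will not show up, which is why the reply pairs this step with reading the surrounding code.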