
Bugtraq mailing list archives
Chasing bugs / vulnerabilities
From: Michael S Hines <mshines () PURDUE EDU>
Date: Mon, 24 Jul 2000 15:16:01 -0500
Persons responsible for software quality (and you do have those in your organization, don't you?) should use any and all tools available as well as the list of common bugs published some 20 years ago that keep reoccurring in code.

- missed limits at the borders of ranges (the off by one problem)
- buffer overflow
- falling into the wrong set of conditions - the dangling else situation
- when in doubt don't do anything (wrong answer)
- failing to verify your input is proper for the problem you're solving (alpha in numeric fields, null or blank for alpha fields, divide by zero, underflow/overflow problems, etc)
- unassigned pointers (references to memory locations < 400x on Intel platforms - the interrupt jump table)
- self modifying code - (though not technically a bug, it does produce nearly an unmaintainable source code)
- misused algorithms (short circuiting code in the interest of 'efficiency')
- bad optimization
- errors in compilers (a compiler is also a piece of code which can produce other bad code - see C/C++ User Journal for errata on the compilers)

Software tools can help

- source code checkers - syntax (lint), format/style, etc
- object code testers - test conditions derived from specifications

Both white box (known source and specifications) and black box (using documentation for software without knowing the internals) testing should be carried out - by individuals separate and apart from the coders.

Try the UNIX Fuzz experiment, first conducted at the University of Wisconsin on multiple UNIX operating systems and when tried again several years later revealed only slightly better results (the Fuzz experiment throws garbage input on the command line into a program and tests the response).

We (check out http://www.cerias.purdue.edu/coast/ms_penetration_testing/v11.html) tried the same experiment on WinNT with 'interesting' results.
----------------------------------------------------------------------
Michael S Hines, CISA,CIA,CFE,CDP          | Phone 765.494.5338
Coordinator of Data Systems / Programming  | fax 765.496.1466
Schools of Engineering                     | e-mail: mshines () purdue edu
1280 Engineering Administration            |
West Lafayette, IN 47907-1280              |
----------------------------------------------------------------------
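
The Fuzz-style test described in the message above, as an added example that is not part of the original post: random bytes are fed to a program and each run is classified as ok, crash or hang. The stand-in target, the delivery on standard input, and the names `run_case` and `fuzz` are assumptions made for this sketch; the crash check relies on POSIX signal return codes.

```python
import random
import subprocess
import sys

# Constructed stand-in target (not a real utility): aborts when input exceeds
# a fixed 64-byte "buffer" and spins forever on a leading 0xFF byte.
TARGET_SRC = (
    "import os, sys\n"
    "data = sys.stdin.buffer.read()\n"
    "if data[:1] == b'\\xff':\n"
    "    while True: pass\n"
    "if len(data) > 64:\n"
    "    os.abort()\n"
)
TARGET = [sys.executable, "-c", TARGET_SRC]


def run_case(cmd, data, timeout=3.0):
    """Feed one input on stdin and return 'ok', 'crash' or 'hang'."""
    try:
        proc = subprocess.run(cmd, input=data, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"  # subprocess.run kills the child before raising
    # On POSIX a negative return code means the process died on a signal
    # (SIGSEGV, SIGABRT, ...), which is what the experiment counts as a crash.
    return "crash" if proc.returncode < 0 else "ok"


def fuzz(cmd, runs=20, max_len=128, seed=0):
    """Run `runs` random inputs; return (verdict, input) for each failure."""
    rng = random.Random(seed)  # seeded so every finding can be replayed
    findings = []
    for _ in range(runs):
        length = rng.randrange(max_len + 1)
        data = bytes(rng.randrange(256) for _ in range(length))
        verdict = run_case(cmd, data)
        if verdict != "ok":
            findings.append((verdict, data))  # keep the input for triage
    return findings


if __name__ == "__main__":
    for verdict, data in fuzz(TARGET):
        print(verdict, len(data), data[:16].hex())
```

Keeping the seed and the failing input with each finding is what lets a coder reproduce the failure under a debugger afterwards.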