Markus Friedl <markus.friedlat_private-erlangen.de> said:

> On Sun, May 27, 2001 at 02:50:43AM -0700, Crispin Cowan wrote:
> > WireX is pleased to announce the broad release of FormatGuard 1.0, the
> > latest member of the Immunix security tool suite. Similar to StackGuard
> > http://immunix.org/stackguard.html , FormatGuard provides run-time
> > protection against printf format string vulnerabilities
> > http://www.securityfocus.com/archive/1/81565

> nice. i assume that formatguard led to the discovery of many format
> string bugs. do you have a list of problems discovered by formatguard?
> do you have a collection of bugfixes that can be shared with the
> public?

For constant format strings, gcc will catch them if given correct
prototypes (i.e., when using glibc's headers). This will even catch errors
in functions that use the same format conventions (given the right
prototypes), but have nothing else in common with printf and ilk.

So I suspect the number of errors caught is minor.
--
Dr. Horst H. von Brand                       mailto:vonbrandat_private
Departamento de Informatica                     Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria              +56 32 654239
Casilla 110-V, Valparaiso, Chile                Fax:  +56 32 797513

_______________________________________________
Immunix-users mailing list
Immunix-usersat_private
http://mail.wirex.com/mailman/listinfo/immunix-users
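
The compile-time check mentioned in the reply above, shown as an added example that is not part of the original thread: gcc's format attribute gives a printf-like function the same -Wformat checking as printf itself. The helper names (log_msg, log_user, diagnostics), the SHOW_DIAGNOSTICS macro and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (not from the thread). The attribute tells gcc
 * that argument 3 is a printf-style format and its values start at argument 4,
 * so -Wformat checks every call that passes a constant format string. */
int log_msg(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);  /* length the full message needs */
    va_end(ap);
    return len;
}

/* Logs untrusted text as data: the format stays a constant gcc can check. */
int log_user(char *out, size_t n, const char *user_text)
{
    return log_msg(out, n, "user said: %s", user_text);
}

#ifdef SHOW_DIAGNOSTICS /* gcc -Wall -Wformat-security -DSHOW_DIAGNOSTICS -c */
/* Never called; compiled only to display the warnings. */
void diagnostics(char *out, size_t n, const char *user_text)
{
    log_msg(out, n, "%s has %d items", 3, "cart"); /* -Wformat: types swapped */
    log_msg(out, n, "%d of %d", 1);                /* -Wformat: too few args */
    log_msg(out, n, user_text);  /* not a constant format, so the arguments
                                    cannot be checked; -Wformat-security
                                    reports the call itself */
}
#endif

int main(void)
{
    char buf[64];
    /* Constructed input: the specifiers stay inert because they are data. */
    int len = log_user(buf, sizeof buf, "100%d %s");
    printf("%d: %s\n", len, buf);
    return 0;
}
```

Only the last call in diagnostics() is the kind a compile-time check cannot validate, since the format is not known until run time.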
This archive was generated by hypermail 2b30 : Mon May 28 2001 - 08:09:26 PDT