Re: FormatGuard

From: James Antill (jamesat_private)
Date: Tue May 29 2001 - 10:22:56 PDT


    Horst von Brand <vonbrandat_private> writes:
    
    > Markus Friedl <markus.friedlat_private-erlangen.de> said:
    > > On Sun, May 27, 2001 at 02:50:43AM -0700, Crispin Cowan wrote:
    > > > WireX is pleased to announce the broad release of FormatGuard 1.0, the
    > > > latest member of the Immunix security tool suite.  Similar to StackGuard
    > > > http://immunix.org/stackguard.html , FormatGuard provides run-time
    > > > protection against printf format string vulnerabilities
    > > > http://www.securityfocus.com/archive/1/81565
    > 
    > > nice. i assume that formatguard led to the discovery of many format
    > > string bugs. do you have a list of problems discovered by formatguard?
    > > do you have a collection of bugfixes that can be shared with the
    > > public?
    > 
    > For constant format strings, gcc will catch them if given correct
    > prototypes (i.e., when using glibc's headers). This will even catch errors
    > in functions that use the same format conventions (given the right
    > prototypes), but have nothing else in common with printf and ilk.
    > So I suspect the number of errors caught is minor.
    
     The number will possibly be low, but each incident will probably be
    serious. I'm also not sure which version of gcc you're talking about,
    I'd heard that people were trying to get something in for gcc-3.0 but
    as far as I know it wouldn't be anything that would warn on one of the
    following cases...
    
    1.
    
    const char *tmp = /* blah */;
    printf(tmp);
    
    
    2.
    
    const char *tmp = "blah";
    printf(tmp);
    
    ...the first possibly being bad, and the second being ok. The idea
    being that the new warning in gcc would just warn if the fmt argument
    wasn't inline (which may be useful but I'm not sure how many would add
    it).
    
    -- 
    # James Antill -- jamesat_private
    :0:
    * ^From: .*james@and\.org
    /dev/null
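
The two cases in the message above differ only in whether `tmp` can contain conversion directives. The following is an added example, not code from the post or from FormatGuard: `count_directives` and `emit_text` are hypothetical helpers, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count '%' conversion directives in fmt. "%%" is a literal percent sign
 * and is skipped. A trailing lone '%' is counted, since it is malformed.
 * This counts directives, not arguments ("%*d" consumes two arguments). */
size_t count_directives(const char *fmt)
{
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent: not a directive */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form of printf(tmp): tmp is passed as data to a constant
 * format, so directives inside it are copied out, never interpreted. */
int emit_text(char *out, size_t outlen, const char *tmp)
{
    return snprintf(out, outlen, "%s", tmp);
}

int main(void)
{
    const char *case2 = "blah";       /* case 2: constant, no directives */
    const char *case1 = "%x.%x.%s";   /* constructed stand-in for case 1 */
    char buf[64];

    /* printf(case1) with no further arguments would make printf fetch
     * three arguments that were never passed. */
    printf("case 2: %zu directives\n", count_directives(case2));
    printf("case 1: %zu directives\n", count_directives(case1));

    emit_text(buf, sizeof buf, case1);
    puts(buf);                        /* the directives appear as plain text */
    return 0;
}
```

Current gcc flags the original `printf(tmp)` form with `-Wformat -Wformat-security`, which warns when the format is not a string literal and no format arguments follow.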
    



    This archive was generated by hypermail 2b30 : Tue May 29 2001 - 11:50:32 PDT