Re: FormatGuard

From: Crispin Cowan (crispinat_private)
Date: Tue May 29 2001 - 23:26:29 PDT

  • Next message: Horst von Brand: "Re: FormatGuard"

    Markus Friedl wrote:
    
    > On Sun, May 27, 2001 at 02:50:43AM -0700, Crispin Cowan wrote:
    > > WireX is pleased to announce the broad release of FormatGuard 1.0, the
    > > latest member of the Immunix security tool suite.  Similar to StackGuard
    > > http://immunix.org/stackguard.html , FormatGuard provides run-time
    > > protection against printf format string vulnerabilities
    > > http://www.securityfocus.com/archive/1/81565
    >
    > nice. i asume that formatguard lead to the discovery of many format
    > string bugs. do you have a list of problems discovered by formatguard?
    
    Being a run-time tool, FormatGuard only reveals a vulnerability when an
    attacker attempts to exploit the vulnerability.  To discover unknown format
    bugs with FormatGuard, you have to protect a system with FormatGuard, and
    then leave it out in public where an attacker may try and crack it.
    
    Static analysis tools are much more likely to reveal unknown
    vulnerabilities.  The cost of this advantage is that static analysis tools
    are more work to apply than FormatGuard.  For instance, David Wagner et al
    have a format bug static analysis paper at the same USENIX Security
    conference.  There is also a tool called PScan that is freely available
    http://www.striker.ottawa.on.ca/~aland/pscan/  Currently that link seems
    broken, but google has a cache
    http://www.google.com/search?q=cache:r8gwA4LOgDQ:www.striker.ottawa.on.ca/~aland/pscan/+pscan&hl=en
    
    
    
    > do you have a collection of bugfixes that can be shared with the
    > public?
    
    WireX always shares vulnerability discoveres with the public in a
    responsiblefashion, roughly following the RFP protocol
    http://www.wiretrip.net/rfp/policy.html  Our last vulnerability discovery was
    a collection of temporary file race vulnerabilities in January, where we
    published the vulnerabilities and patches for 10 programs.
    
    Crispin
    
    --
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com//Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 09:47:30 PDT