1 |
Tavis Ormandy wrote: |
2 |
|
3 |
>--On Monday, June 20, 2005 07:34:11 +0300 Rumen Yotov <rumen_yotov@×××.bg> |
4 |
>wrote: |
5 |
> |
6 |
> |
7 |
> |
8 |
>>Hi, |
9 |
>>Recently began using flawfinder& rats and they're working (logging |
10 |
>>things). For now don't have time to look at the logs (beside *me* needing |
11 |
>>more time to check them), so is there some place/person which |
12 |
>>collects/is_interested in such info. Maybe some meta-bug or other, or |
13 |
>>just send they upstream (if correct)? |
14 |
>>Any experiences with them, are they correct? |
15 |
>>Thanks. Rumen. |
16 |
>> |
17 |
>> |
18 |
> |
19 |
>No, they're very little practical use. If you're stuck and need an "entry |
20 |
>point" to start auditing from, they may give you a list of places to start |
21 |
>looking, but this is effectively no better than `grep strcat *.c`. |
22 |
> |
23 |
> |
24 |
> |
25 |
Hi, |
26 |
Thanks for your answers. Won't file a meta-bug till find some real |
27 |
cases/problems. |
28 |
PS: from the logs it seems not all things are fixed (haven't checked |
29 |
though). |
30 |
Rumen |