| 1 |
On Fri, 2003-09-05 at 16:25, Jan Krueger wrote: |
| 2 |
|
| 3 |
I don't think the idea is bad in anyway at all, yes it will be very time |
| 4 |
consuming and yes a few of us would actually like to use such a thing. |
| 5 |
flawfinder would of been ideal for such a thing as its python based and |
| 6 |
all, but would need some major testing. I'm attaching a small patch for |
| 7 |
your ebuild.sh that should do exactly what your looking for. Note: |
| 8 |
flawfinder must be located in /usr/bin and "flawfinder" must be found in |
| 9 |
your features. |
| 10 |
|
| 11 |
Perhaps you would like to begin/finish coding this feature. :) |
| 12 |
|
| 13 |
Also just letting ya know I just updated splint in portage tree to |
| 14 |
version 3.1.1 but from what I gather about splint is that all src code |
| 15 |
still has to be written to take advantage of it in the first place thus |
| 16 |
nearly defeating the purpose. |
| 17 |
|
| 18 |
What I make of all this is sounds like we need need some portage hooks |
| 19 |
for users. |
| 20 |
|
| 21 |
Anyway happy bug hunting. |
| 22 |
|
| 23 |
> I know about the following source code scanners, almost restricted to c and |
| 24 |
> c++: |
| 25 |
> flawfinder, http://www.dwheeler.com/flawfinder/ |
| 26 |
> splint, http://www.splint.org/ |
| 27 |
> its4, http://www.cigital.com/its4/ |
| 28 |
> rats, http://www.securesw.com/download_form_rats.htm |
| 29 |
> |
| 30 |
> Anyway, is there a policy like http://www.openbsd.org/porting.html#Security? |
| 31 |
> |
| 32 |
> Jan |
| 33 |
> |
| 34 |
> |
| 35 |
> -- |
| 36 |
> gentoo-hardened@g.o mailing list |
| 37 |
-- |
| 38 |
RSA key ID 2BC75196 http://keyserver.net |
| 39 |
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar |
Archives