Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: gentoo-hardened@l.g.o
Cc: rumen_yotov@×××.bg
Subject: Re: [gentoo-hardened] flawfinder rats logs
Date: Mon, 20 Jun 2005 08:12:37
Message-Id: 1119255023.8154.8.camel@localhost
In Reply to: [gentoo-hardened] flawfinder rats logs by Rumen Yotov
1 On Mon, 2005-06-20 at 07:34 +0300, Rumen Yotov wrote:
2 > Hi,
3 > Recently began using flawfinder& rats and they're working (logging things).
4 > For now don't have time to look at the logs (beside *me* needing more
5 > time to check them), so is there some place/person which
6 > collects/is_interested in such info.
7
8 You should probably hold on to these.
9 Most of us are capable of running these commands for ourselves.
10
11 > Maybe some meta-bug or other, or
12 > just send they upstream (if correct)?
13
14 Real bugs should mailed upstream.
15
16 > Any experiences with them, are they correct?
17
18 Sadly neither of the tools can take into account program execution
19 flows. I tend to view them these tools as pretty much nothing more than
20 glorified grep commands. Handy if your looking for the obvious, but most
21 of the obvious bugs have been fixed obviously for some time.
22
23 Keep your logs. When you are sure you have pinpointed something that you
24 know is a bug, then feel free to file a bug preferably with a patch that
25 fixes the problem also.
26
27 --
28 Ned Ludd <solar@g.o>
29
30 --
31 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] flawfinder rats logs Rumen Yotov <rumen_yotov@×××.bg>