On Mon, 2005-06-20 at 07:34 +0300, Rumen Yotov wrote:
> Hi,
> Recently began using flawfinder & rats and they're working (logging things).
> For now don't have time to look at the logs (beside *me* needing more
> time to check them), so is there some place/person which
> collects/is_interested in such info.
|
You should probably hold on to these.
Most of us are capable of running these commands for ourselves.
|
> Maybe some meta-bug or other, or
> just send them upstream (if correct)?
|
Real bugs should be mailed upstream.
|
> Any experiences with them, are they correct?
|
Sadly neither of the tools can take into account program execution
flows. I tend to view these tools as pretty much nothing more than
glorified grep commands. Handy if you're looking for the obvious, but most
of the obvious bugs have been fixed obviously for some time.
|
Keep your logs. When you are sure you have pinpointed something that you
know is a bug, then feel free to file a bug preferably with a patch that
fixes the problem also.
|
--
Ned Ludd <solar@g.o>
|
--
gentoo-hardened@g.o mailing list
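
The limitation discussed in the reply above, shown as an added example (not part of the original thread, and not the matching logic of flawfinder or RATS): a toy name-based scanner run over two constructed C snippets flags a guarded `strcpy` and reports nothing for an unchecked array index. The rule list, function names and snippets are assumptions made for illustration.

```python
import re

# Toy rule set: risky C function names, matched by name only (assumption for
# illustration; not the rule database of flawfinder or RATS).
RISKY_CALLS = ("strcpy", "strcat", "sprintf", "gets")
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")

# Constructed sample: strcpy is guarded by a length check, so the copy fits.
SAFE_BUT_FLAGGED = """\
int set_name(char *dst, size_t dst_size, const char *src) {
    if (strlen(src) >= dst_size)
        return -1;
    strcpy(dst, src);
    return 0;
}
"""

# Constructed sample: no risky name appears, but idx is never checked
# against table_len, so a caller-controlled idx writes out of bounds.
UNSAFE_BUT_SILENT = """\
void set_slot(int *table, size_t table_len, size_t idx, int value) {
    table[idx] = value;
}
"""


def scan(source):
    """Return (line_number, function_name) for every name-based match."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in CALL_RE.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


if __name__ == "__main__":
    for label, src in (("guarded strcpy", SAFE_BUT_FLAGGED),
                       ("unchecked index", UNSAFE_BUT_SILENT)):
        print(label, "->", scan(src) or "no findings")
```

Deciding that the first finding is harmless and that the second function needs a bounds check takes reading the surrounding control flow, which is the manual triage the reply asks for before anything is filed.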