[Debian-audit] Public vulnerabilities in maelstrom

From: Ulf Härnhammar <Ulf.Harnhammar.9485_at_student.uu.se>
Date: Tue, 8 Jun 2004 19:46:28 +0200

Quoting Steve Kemp <steve_at_shellcode.org>:

> Like you I'm working on a couple of things, mostly the things
> I've been looking at are "public", so I will name names.

When talking about non-free games with public vulnerabilities, I found this
little gem in maelstrom:

static FILE *OpenData(char *mode, char **fname)
{
        static char datafile[BUFSIZ];
        char *home;
        FILE *data;

        if ( (home=getenv("HOME")) == NULL ) {
                if ( strcmp(CUR_DIR, DIR_SEP) != 0 ) {
                        home = CUR_DIR;
                } else {
                        home="";
                }
        }
        if ( fname ) {
                *fname = datafile;
        }
        /* unbounded: an overlong $HOME overflows the BUFSIZ-byte static buffer */
        sprintf(datafile, "%s"DIR_SEP"%s", home, MAELSTROM_DATA);
        if ( (data=fopen(datafile, mode)) == NULL )
                return(NULL);
        return(data);
}

When researching this further, I found that this was an old issue that was
patched in Gentoo a year ago:

[PATCH] http://www.securityfocus.com/archive/1/322134
[ADVIS] http://www.securityfocus.com/archive/1/321918
[MORE]
http://search.securityfocus.com/cgi-bin/swsearch/swish.cgi?query=maelstrom&metaname=alldoc&sbm=%2F&start=0

Perhaps someone who's running Debian and is experienced in building .deb
packages could produce an update for this?

(We do audit non-free software like angband and maelstrom as well, don't we?)

> One thing that I have been dabbling with is updating some of the
> source code scanners to make them invoke 'cpp' first, so that we
> only examine code which isn't 'ifdef'd out. This does have its
> flaws as it means that some platforms which Debian supports might
> not be examined if my host platform (x86) isn't vulnerable.
>
> Interesting thing to do anyway..

Yes, it's interesting. Cigital writes about this in a paper about ITS4:

http://www.cigital.com/papers/download/its4.pdf

-- 
Ulf Harnhammar
http://www.advogato.org/person/metaur/
(lots of URLs in this mail!)
Received on Tue Jun 08 2004 - 18:46:41 BST
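For reference, a hardened rewrite of the OpenData() routine quoted in the mail above. This is an added example, not maelstrom's code or the Gentoo patch; DIR_SEP, MAELSTROM_DATA and the "." fallback for CUR_DIR are assumed stand-ins. The point is that the environment-controlled $HOME is length-checked before it reaches the fixed-size buffer, and an oversized path is refused rather than truncated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins for the project's own macros (not maelstrom's real values). */
#define DIR_SEP "/"
#define MAELSTROM_DATA "Maelstrom-Scores"

/* Build "<home><DIR_SEP><file>" into dst (dstsz bytes).
 * Returns 0 on success, -1 if the result would not fit; on failure dst is
 * left empty so a caller cannot accidentally use a truncated path. */
static int build_data_path(char *dst, size_t dstsz, const char *home, const char *file)
{
        int n = snprintf(dst, dstsz, "%s%s%s", home, DIR_SEP, file);
        if (n < 0 || (size_t)n >= dstsz) {
                if (dstsz)
                        dst[0] = '\0';
                return -1;
        }
        return 0;
}

/* Hardened counterpart of OpenData(): same behaviour for normal input, but an
 * attacker-controlled $HOME can no longer overrun the static BUFSIZ buffer. */
static FILE *OpenDataSafe(const char *mode, char **fname)
{
        static char datafile[BUFSIZ];
        const char *home = getenv("HOME");

        if (home == NULL)
                home = ".";     /* assumed fallback in place of CUR_DIR */
        if (fname)
                *fname = datafile;
        if (build_data_path(datafile, sizeof datafile, home, MAELSTROM_DATA) != 0)
                return NULL;    /* refuse rather than overflow or truncate */
        return fopen(datafile, mode);
}
```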
