Secure Programming for Linux and Unix HOWTO, Chapter 11. Special Topics (page 136)

cqual presents the analysis results using Program Analysis Mode, an emacs-based interface. The current version of cqual can detect potential format-string vulnerabilities in C programs. A previous incarnation of cqual, Carillon, has been used to find Y2K bugs in C programs. The software is licensed under the GPL and is available from http://www.cs.berkeley.edu/Research/Aiken/cqual.

• Cyclone is a C-like language intended to remove C's security weaknesses. In theory, you can always switch to a language that is ``more secure,'' but this doesn't always help (a language can help you avoid common mistakes but it can't read your mind). John Viega has reviewed Cyclone, and in December 2001 he said: ``Cyclone is definitely a neat language. It's a C dialect that doesn't feel like it's taking away any power, yet adds strong safety guarantees, along with numerous features that can be a real boon to programmers. Unfortunately, Cyclone isn't yet ready for prime time. Even with crippling limitations aside, it doesn't yet offer enough advantages over Java (or even C with a good set of tools) to make it worth the risk of using what is still a very young technology. Perhaps in a few years, Cyclone will mature into a robust, widely supported language that comes dangerously close to C in terms of efficiency. If that day comes, you'll certainly see me abandoning C for good.'' The Cyclone compiler has been released under the GPL and LGPL. You can get more information from the Cyclone web site.

Some tools try to detect potential security flaws at run-time, either to counter them or at least to warn the developer about them. Much of Crispin Cowan's work, such as StackGuard, fits here.

There are several tools that try to detect various C/C++ memory-management problems; these are really general-purpose software quality improvement tools, and not specific to security, but memory management problems can definitely cause security problems. An especially capable tool is Valgrind, which detects various memory-management problems (such as use of uninitialized memory, reading/writing memory after it's been free'd, reading/writing off the end of malloc'ed blocks, and memory leaks). Another such tool is Electric Fence (efence) by Bruce Perens, which can detect certain memory management errors. Memwatch (public domain) and YAMD (GPL) can detect memory allocation problems for C and C++. You can even use the built-in capabilities of the GNU C library's malloc library, which has the MALLOC_CHECK_ environment variable (see its manual page for more information). There are many others.

Another approach is to create test patterns and run the program, in an attempt to find weaknesses in the program. Here are a few such tools:

• BFBTester, the Brute Force Binary Tester, is licensed under the GPL. This program does quick security checks of binary programs. BFBTester performs checks of single and multiple argument command line overflows and environment variable overflows. Version 2.0 and higher can also watch for tempfile creation activity (to check for using unsafe tempfile names). At one time BFBTester didn't run on Linux (due to a technical issue in Linux's POSIX threads implementation), but this has been fixed as of version 2.1. More information is available at http://bfbtester.sourceforge.net/

• The fuzz program is a tool for testing other software. It tests programs by bombarding the program being evaluated with random data. This tool isn't really specific to security.

• SPIKE is a "fuzzer creation kit", i.e., it's a toolkit designed to create "random" tests to find security problems. The SPIKE toolkit is particularly designed for protocol analysis by simulating network protocol clients, and SPIKE proXy is a tool built on SPIKE to test web applications. SPIKE includes a few pre-canned tests. SPIKE is licensed under the GPL.

There are a number of tools that try to give you insight into running programs that can also be useful when trying to find security problems in your code. This includes symbolic debuggers (such as gdb) and trace programs (such as strace and ltrace). One interesting program to support analysis of running code is Fenris (GPL license). Its documentation describes Fenris as a ``multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm or protocol analysis - providing a structural program trace, general information about internal constructions, execution path, memory operations, I/O, conditional expressions and much more.'' Fenris actually supplies a whole suite of tools, including extensive forensics capabilities and a nice debugging GUI for Linux. A list of other promising open source tools that can be suitable for debugging or code analysis is available at http://lcamtuf.coredump.cx/fenris/debug-tools.html
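The single-argument and environment-variable overflow checks that BFBTester performs, as an added example written for this page (it is not code from the HOWTO or from BFBTester): a small Python probe that runs a target with oversized inputs and reports which sizes make it die from a signal. The size ladder is an assumption, and DEMO_TARGET is a constructed stand-in for a buggy program so the probe can be run without a real target.

```python
"""Argument/environment overflow probe, after the checks BFBTester performs:
run a target with oversized inputs and report which sizes make it die from a
signal, which is how an unchecked buffer copy usually first shows itself."""
import os
import subprocess
import sys

DEFAULT_SIZES = (64, 1024, 8192, 65536)  # assumed ladder; real runs go larger


def run_once(cmd, args, extra_env=None, timeout=30):
    """Run cmd + args once; return the signal number that killed it, or None."""
    env = dict(os.environ)
    if extra_env:
        env.update(extra_env)
    try:
        proc = subprocess.run(cmd + args, env=env, timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return None  # hung rather than crashed; worth a separate report
    # POSIX: a negative return code is the number of the terminating signal
    return -proc.returncode if proc.returncode < 0 else None


def probe_arguments(cmd, sizes=DEFAULT_SIZES):
    """Single-argument overflow check: {size: killing signal or None}."""
    return {n: run_once(cmd, ["A" * n]) for n in sizes}


def probe_environment(cmd, var, sizes=DEFAULT_SIZES):
    """Environment-variable overflow check for one variable name."""
    return {n: run_once(cmd, [], {var: "A" * n}) for n in sizes}


# Constructed stand-in for a buggy program (not a real tool): it aborts with
# SIGABRT once its first argument or DEMO_VAR exceeds 4000 bytes.
DEMO_TARGET = [sys.executable, "-c",
               "import os,sys;"
               "n=len(sys.argv[1]) if len(sys.argv)>1 else 0;"
               "n=max(n,len(os.environ.get('DEMO_VAR','')));"
               "os.abort() if n>4000 else None"]

if __name__ == "__main__":
    for label, res in (("argv[1]", probe_arguments(DEMO_TARGET)),
                       ("DEMO_VAR", probe_environment(DEMO_TARGET, "DEMO_VAR"))):
        for n, sig in sorted(res.items()):
            print(label, n, "bytes:", f"killed by signal {sig}" if sig else "ok")
```

A size that reports a signal is a reproducible crash to take to Valgrind or gdb, not proof of exploitability; a hang shows up as None and deserves its own check.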