Subject: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 08/06/2002 14:54:28
Why is "pscan" in the "net" category? From the description file:
    PScan is a C source code security scanner, which looks for misuse of
    libc functions which use varargs and printf-style formatting
    operators. In many situations these can cause security vulnerabilities
    in the application if it runs with privileges (setugid, or listening
    to a network socket, etc).
The Makefile gives a slightly better definition, though it has its
priority ordering backwards:
    CATEGORIES= security devel
It's primarily a development tool, with potential use for detecting what
might eventually end up as security issues in applications.
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>
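As an added example, not part of the original message and not pscan's own code, here is a minimal C checker in the spirit of the description quoted above: it flags calls to printf-style libc functions whose format argument is not a string literal, which is the pattern that turns into a format-string vulnerability once that argument is under outside control. The function table, argument positions and sample source are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

struct fmt_func { const char *name; int fmt_index; };

/* Hypothetical table of libc functions that take a printf-style format,
 * with the zero-based position of the format argument (constructed here,
 * not pscan's own table). */
static const struct fmt_func fmt_funcs[] = {
    { "printf", 0 }, { "fprintf", 1 }, { "sprintf", 1 },
    { "snprintf", 2 }, { "syslog", 1 },
};

/* Given `p` just after the call's '(', return a pointer to the start of the
 * n-th top-level argument, or NULL if the call has fewer arguments.
 * Parentheses and double-quoted strings are skipped so commas inside
 * them do not split arguments. */
static const char *nth_arg(const char *p, int n) {
    int depth = 0, in_str = 0;
    const char *arg = p;
    for (; *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;      /* skip escaped char */
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') { if (depth == 0) break; depth--; }
        else if (*p == ',' && depth == 0) {
            if (n == 0) return arg;
            n--;
            arg = p + 1;
        }
    }
    return n == 0 ? arg : NULL;
}

/* Count calls in `src` to a table function whose format argument is not a
 * string literal. Deliberately simple: it does not parse comments or
 * macros, it only recognises the literal-vs-expression shape pscan's
 * description is about. */
int count_nonliteral_formats(const char *src) {
    int findings = 0;
    const char *p = src;
    while (*p) {
        int is_start = isalpha((unsigned char)*p) || *p == '_';
        int mid_ident = p > src && (isalnum((unsigned char)p[-1]) || p[-1] == '_');
        if (!is_start || mid_ident) { p++; continue; }
        const char *start = p;
        while (isalnum((unsigned char)*p) || *p == '_') p++;
        size_t len = (size_t)(p - start);
        const char *q = p;
        while (isspace((unsigned char)*q)) q++;
        if (*q != '(') continue;              /* identifier is not a call */
        for (size_t i = 0; i < sizeof fmt_funcs / sizeof fmt_funcs[0]; i++) {
            if (strlen(fmt_funcs[i].name) != len ||
                strncmp(fmt_funcs[i].name, start, len) != 0)
                continue;
            const char *arg = nth_arg(q + 1, fmt_funcs[i].fmt_index);
            if (arg == NULL) break;
            while (isspace((unsigned char)*arg)) arg++;
            if (*arg != '"') findings++;      /* format is a variable: flag it */
            break;
        }
    }
    return findings;
}

/* Constructed sample source: three unsafe calls, four safe ones. */
static const char sample_src[] =
    "void log_user(const char *name, char *buf) {\n"
    "    printf(name);                      /* unsafe: caller-controlled format */\n"
    "    printf(\"%s\", name);              /* safe */\n"
    "    syslog(LOG_INFO, name);            /* unsafe */\n"
    "    syslog(LOG_INFO, \"%s\", name);    /* safe */\n"
    "    snprintf(buf, 64, name);           /* unsafe */\n"
    "    snprintf(buf, 64, \"%s\", name);   /* safe */\n"
    "    fprintf(stderr, \"done\\n\");       /* safe */\n"
    "}\n";

int main(void) {
    printf("non-literal format arguments found: %d\n",
           count_nonliteral_formats(sample_src));
    return 0;
}
```

The fix the checker points at is always the same: pass the untrusted string as data (`"%s"`) rather than as the format. A real tool such as pscan also has to cope with wrappers that forward a format to vprintf-style functions, which this example does not attempt.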