Subject: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <>
List: tech-pkg
Date: 08/06/2002 14:54:28
Why is "pscan" in the "net" category?  From the description file:

	PScan is a C source code security scanner, which looks for misuse of
	libc functions which use varargs and printf-style formatting
	operators. In many situations these can cause security vulnerabilities
	in the application if it runs with privileges (setugid, or listening
	to a network socket, etc).

The Makefile gives a slightly better definition, though it has its
priority ordering backwards:

	CATEGORIES=	security devel

It's primarily a development tool, with potential use for detecting what
might eventually end up as security issues in applications.

								Greg A. Woods

+1 416 218-0098
Planix, Inc.
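As an added example (not from the post or from the PScan project), here is a minimal line-oriented C checker for the pattern the description refers to: a printf-family call whose format argument is not a string literal. The function table, the `nth_arg` helper and the sample lines are constructed for this illustration; it ignores comments and multi-line calls, so it approximates what pscan looks for rather than reproducing its parser.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* printf-family functions and the 0-based position of their format argument
   (constructed table; pscan's own list is longer). */
static const struct { const char *name; int fmt_arg; } calls[] = {
    { "printf", 0 }, { "fprintf", 1 }, { "sprintf", 1 },
    { "snprintf", 2 }, { "syslog", 1 }, { "vprintf", 0 },
};

/* Return a pointer to the start of argument n (0-based) of the call whose
   '(' precedes p, or NULL if the call has fewer arguments.  Tracks nested
   brackets and string literals so commas inside them are not argument breaks. */
static const char *nth_arg(const char *p, int n) {
    int depth = 0, in_str = 0;
    while (isspace((unsigned char)*p)) p++;
    if (n == 0) return p;
    for (; *p; p++) {
        if (in_str) { if (*p == '\\' && p[1]) p++; else if (*p == '"') in_str = 0; continue; }
        if (*p == '"') in_str = 1;
        else if (*p == '(' || *p == '[') depth++;
        else if (*p == ')' || *p == ']') { if (depth-- == 0) return NULL; }
        else if (*p == ',' && depth == 0) {
            p++;
            while (isspace((unsigned char)*p)) p++;
            if (--n == 0) return p;
            p--;                      /* compensate for the loop's p++ */
        }
    }
    return NULL;
}

/* Returns 1 if line contains a printf-family call whose format argument is not
   a string literal (the misuse the description warns about), otherwise 0. */
int flag_nonliteral_format(const char *line) {
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++) {
        const char *p = line;
        size_t len = strlen(calls[i].name);
        while ((p = strstr(p, calls[i].name)) != NULL) {
            const char *q = p + len;
            /* "fprintf" contains "printf": only accept a match at a word start */
            int word_start = (p == line) || !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
            p = q;
            if (!word_start) continue;
            while (isspace((unsigned char)*q)) q++;
            if (*q != '(') continue;
            const char *arg = nth_arg(q + 1, calls[i].fmt_arg);
            if (arg && *arg && *arg != '"' && *arg != ')') return 1;
        }
    }
    return 0;
}
```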