Subject: pscan in "net"?
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 08/06/2002 14:54:28
Why is "pscan" in the "net" category? From the description file:
PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).
The Makefile gives a slightly better definition, though it has its
priority ordering backwards:
CATEGORIES= security devel
It's primarily a development tool, with potential use for detecting what
might eventually end up as security issues in applications.
Greg A. Woods
+1 416 218-0098; <email@example.com>; <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; VE3TCP; Secrets of the Weird <firstname.lastname@example.org>
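To make concrete what the description above means by "misuse of libc functions which use varargs and printf-style formatting operators", here is an added example that is not part of the original message and not pscan's own code: a deliberately simplified, single-file heuristic in Python that does the same kind of check on a constructed C snippet. It flags any call to a printf-family function (or syslog/err/warn, which take the same kind of format argument) whose format argument is not a string literal, since a user-controlled format string is the classic path to a format-string vulnerability in a setuid or network-facing program. The table of functions and format-argument positions, the sample C code, and the tolerance for string-literal-only formats are all assumptions of this example; a real scanner such as pscan works on parsed C rather than regex matching.

```python
import re

# Constructed C source for the demo (not from any real package). It has two
# correct calls and two calls that pass user data as the format string.
SAMPLE_C = r'''
#include <stdio.h>
#include <syslog.h>

void log_user(const char *name)
{
    char buf[256];
    snprintf(buf, sizeof buf, "login: %s", name);
    printf("%s\n", buf);      /* fine: literal format, user data is an argument */
    printf(buf);              /* bug: user-controlled string used as the format */
    syslog(LOG_INFO, name);   /* bug: same problem, format is the 2nd argument */
    fprintf(stderr, "%s", name);
}
'''

# printf-style libc/BSD functions and the 0-based index of their format
# argument. This list is an assumption of the example, not pscan's table.
FORMAT_FUNCS = {
    "printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2,
    "vprintf": 0, "vfprintf": 1, "vsprintf": 1, "vsnprintf": 2,
    "syslog": 1, "warn": 0, "warnx": 0, "err": 1, "errx": 1,
}

CALL_RE = re.compile(r'\b(' + '|'.join(FORMAT_FUNCS) + r')\s*\(')


def strip_comments(src):
    """Remove /* ... */ comments but keep their newlines so line numbers hold."""
    return re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group(0).count('\n'),
                  src, flags=re.S)


def split_args(src, start):
    """Return the top-level comma-separated arguments of the call whose
    opening parenthesis is at src[start-1], honouring nested parentheses
    and string literals. Returns None if the call is never closed."""
    args, cur, depth, in_str, i = [], [], 0, False, start
    while i < len(src):
        c = src[i]
        if in_str:
            cur.append(c)
            if c == '\\' and i + 1 < len(src):   # keep escaped char verbatim
                cur.append(src[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            cur.append(c)
        elif c == '(':
            depth += 1
            cur.append(c)
        elif c == ')':
            if depth == 0:
                args.append(''.join(cur).strip())
                return args
            depth -= 1
            cur.append(c)
        elif c == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(c)
        i += 1
    return None


def scan(src):
    """Return (line, function, format_expr) for every printf-family call
    whose format argument is not a string literal."""
    findings = []
    clean = strip_comments(src)
    for m in CALL_RE.finditer(clean):
        func = m.group(1)
        args = split_args(clean, m.end())
        idx = FORMAT_FUNCS[func]
        if args is None or len(args) <= idx:
            continue            # malformed or too few arguments; skip
        fmt = args[idx]
        if not fmt.startswith('"'):
            line = clean.count('\n', 0, m.start()) + 1
            findings.append((line, func, fmt))
    return findings


if __name__ == "__main__":
    for line, func, fmt in scan(SAMPLE_C):
        print(f"line {line}: {func}() called with non-literal format '{fmt}'")
```

Run as a script it reports the `printf(buf)` and `syslog(LOG_INFO, name)` lines and stays quiet on the two calls that pass user data as a `%s` argument, which is the difference between a harmless call and a format-string bug. A literal-only rule like this produces false positives on code that builds its format from a constant table, which is one reason the description calls these "potential" security issues rather than certain ones.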