-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hans de Goede wrote: > Hi, > > As some of you already know I'm a computer science teacher at a Dutch > university. Currently I'm giving a course about security. > > For my next practical lesson I want my students todo an audit of a small > piece of C-code. Nothing fancy really just looking for sprintf instead > of snprintf, gets instead of fgets, etc. And formatstring vulnerabilities. > > Does anyone know of some (small!) piece of software in Fedora (Extras) > that could benefit from this? > > And are there any other simple checks my students could do? > > Any findings will of course be published. Many of the games in the bsd-games package are fairly small (one or two .c files) and could probably use an audit. Since most of them don't run setgid, and drop any gid privileges before doing anything anyway, security hasn't been an issue with them. - --Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFEfaxGDeYlPfs40g8RAqRPAJ9cpNgcMKsWH+RcUgUZ70LXR/cl6wCfZ486 tcVCdQyTg+KEUAE3GnxAD5o= =OxCz -----END PGP SIGNATURE-----
