Automated Audit Example: pscan
pscan is a package which is designed to audit C and C++ source files for format string vulnerabilities.
It is not a general purpose auditing tool.
Running pscan is a simple matter of invoking it with the name of a file, or files, to check. For example:
The output will be written directly to the console:
test.c:42 SECURITY: printf call should have "%s" as argument 0
The output in this case is easy to understand. It has correctly identified that the printf call does not quote its argument behind a "%s" format but passes it directly as the format string.
The output also shows us what we must do to correct the flaw: change the code which reads:
    printf( buff );
so that it reads:
    printf( "%s", buff );
Not doing this could allow an attacker who can control the output of ls (for example by creating a file called "%s", or similar) to attack the program through the format string.
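The check pscan performs can be illustrated with a small line-based scanner of the same kind. This is an added example, not pscan's own code: it flags calls to a handful of printf-style functions whose format argument is not a string literal, and prints a pscan-style message for a few constructed source lines. The function table and the flat-argument-list handling are simplifications assumed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical mini-checker in the spirit of pscan (not pscan's code): a call
 * to a format function whose format argument is not a string literal is
 * reported, because a non-literal format may carry attacker-supplied
 * directives such as "%s". */
struct fmtfn { const char *name; int fmt_arg; };   /* 0-based index of the format */
static const struct fmtfn FMT_FUNCS[] = {
    { "printf", 0 }, { "fprintf", 1 }, { "sprintf", 1 },
    { "snprintf", 2 }, { "syslog", 1 },
};

/* Returns 1 if the line calls one of FMT_FUNCS with a non-literal format
 * (a finding), 0 if the format is a literal, -1 if no recognised call.
 * *which receives the matched table entry. Flat argument lists only; this
 * is a demonstration, not a C parser. */
int check_line(const char *line, const struct fmtfn **which)
{
    for (size_t i = 0; i < sizeof FMT_FUNCS / sizeof FMT_FUNCS[0]; i++) {
        const struct fmtfn *f = &FMT_FUNCS[i];
        const char *p = strstr(line, f->name);
        if (!p) continue;
        /* whole identifier only: "vsnprintf" must not match "snprintf" */
        if (p != line && (isalnum((unsigned char)p[-1]) || p[-1] == '_')) continue;
        p += strlen(f->name);
        while (isspace((unsigned char)*p)) p++;
        if (*p++ != '(') continue;
        int depth = 0, arg = 0;                  /* skip to the format argument */
        while (*p && arg < f->fmt_arg) {
            if (*p == '(') depth++;
            else if (*p == ')') { if (depth == 0) return -1; depth--; }  /* too few args */
            else if (*p == ',' && depth == 0) arg++;
            p++;
        }
        while (isspace((unsigned char)*p)) p++;
        if (which) *which = f;
        return *p == '"' ? 0 : 1;
    }
    return -1;
}

int main(void)
{
    /* constructed sample source lines, as pscan would see them in test.c */
    const char *src[] = { "    printf( buff );", "    printf( \"%s\", buff );",
                          "    syslog(LOG_ERR, msg);" };
    for (int n = 0; n < 3; n++) {
        const struct fmtfn *f;
        if (check_line(src[n], &f) == 1)
            printf("test.c:%d SECURITY: %s call should have \"%%s\" as argument %d\n",
                   41 + n, f->name, f->fmt_arg);
    }
    return 0;
}
```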
Format string attacks are discussed in this Security Focus introduction.
The Secure Programming for Linux and Unix HOWTO explains how to protect against these attacks in commonly used variadic functions such as: