Linux testing software: Starting from the source code

Nowadays, a large number of network servers are starting to use the Linux operating system, and the security of Linux servers is also getting more and more attention. Linux Server attacks are defined as: attacks are unauthorized actions designed to impede, damage, weaken, or damage the security of Linux servers, the attack range can be from denial of service to completely endangering and damaging the Linux server. There are many types of Linux Server attacks. From the perspective of attack depth, we can divide the attacks into four levels: DoS) the local user obtains the read and write permissions of unauthorized files, the remote user obtains the read and write permissions of privileged files, and the remote user obtains the root permission. Next, we will select some classic linux testing software-targeted tools to illustrate them one by one.

The most common defect in Linux is buffer overflow. A buffer may previously be defined as a continuous computer memory block containing instances of the same data type ". The most common buffer type is a simple character array. Overflow means that data is added out of the memory block allocated to the buffer. From this, we can see that, as an open-source system, code check in Linux is very important. For attackers and administrators, whoever attaches importance to it first takes the initiative to a certain extent.

(1) linux testing software SPIKE

SPIKE is a security testing tool written by Dave Aitel of immunitysec. SPIKE provides a variety of constructor functions. For example, s_binary can be used to construct binary data, s_string can be used to construct a string, and s_unistring can be used to construct a UNICODE string. Another advantage of SPIKE is Dave Aitel's Fuzz theory. It can construct special numbers or strings as program input and check whether the program can process the exception data. In addition, SPIKE provides common protocol support, such as sun rpc and ms rpc.

(2) linux testing software Lint

A list of some errors that Lint can check: Possible null pointers, this pointer is used after memory is released, assignment order problems, spelling errors, and so on. Generally, a C/C ++ compiler assumes that the program is correct, while Lint is the opposite. Therefore, it is better than the general check executed by the compiler. Lint can run through multiple files to perform error checking and code analysis. This is something the compiler cannot do. Popular Lint programs include: PC-lint is a commercial program provided by Gimpel Software that supports C/C ++; Splint (the original LCLint) it is a GNU Free Lint program, but only supports C and does not support C ++.
When running Lint, just like a normal compiler, you just need to add the makefile directly. You can control and calibrate the Lint output by configuring options and code annotations. For example, here is a function that returns a NULL pointer. Splint can be identified through the following comments/* @ null:
 

 
 

  
  
/*@null@*/ void *test(void)  
  
  
{  
  
  
// a function that returns NULL!  
  
  
return NULL;  
  
  
} 
 
 

This has two purposes: to prevent Splint from alerting the function that returns the Null pointer for this function; To ensure that Splint checks that the return pointer of this function is valid in any code that calls this function.

(3) linux testing software Flawfinder

Flawfinder is a security audit tool for c and c ++ programs written in Python to check potential security risks. It searches for the source code of the file to obtain potential security vulnerabilities. It supports detecting databases and generating reports in HTML format.