Coverity Scan: Security Holes Found in Open Source Projects

last updated in Categories Links, News, Open source coding, php, programming, Security

Coverity is a company that creates tools for software development. Its flagship product is Prevent, a static-analysis code inspection tool. Coverity offers the results of Prevent’s analysis to open source developers free of charge.

From the project home page:

In collaboration with Stanford University, Coverity is establishing a new baseline for software quality and security in open source. Under a contract with the Department of Homeland Security, we apply the latest innovations in automated defect detection to uncover some of the most critical types of bugs found in software.

The most notable use of Prevent is under a U.S. Department of Homeland Security contract, in which it is used to examine over 150 open source applications for bugs. Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects.

For example, over 75% of the defects Scan identified in Samba were fixed within two reviews of the Scan analysis.
(Fig. 01: Samba Project Code Scan Result)

=> More information about the project and the bugs found (including charts) is available at the official web site.

A total of 7,826 defects in open source projects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity. The review uses Coverity’s source code checking system, the Prevent Software Quality System.

This project is genuinely helping to improve the overall quality of open source software.

How to recursively go through all local or remote directories

last updated in Categories CentOS, Linux, programming, Shell scripting, Tips, Ubuntu Linux, UNIX

You can use the find command or the recursdir command to recurse through local or remote directories in order to run a command on each file, find files, or create tar files.

The recursdir command takes a C-style script and runs it recursively over files, which makes it an excellent tool for automating this kind of work. It provides C-style programming functions and statements such as:

  • strncmp()
  • exec()
  • system()
  • strstr()
  • strcat()
  • printf()
  • popen()
  • if ( expr ) { take-action }
  • if ( expr ) { take-action } else { do-something-else; }
  • /* comments */
  • Detecting file types and macros
  • All of the logical, arithmetic and bitwise C operators: ( ) >= <= > < != == && || ! - + * / % & ^, with the same meanings and precedence as in C.

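As an added example that is not code from the original post, the same job done with find(1) and GNU tar, the first of the two tools the post mentions: a recursive walk that counts matching files, packs them into a tar archive, and runs the identical traversal on a remote host over ssh. The function names, the constructed directory tree in the test, and the remote-host variant are assumptions; the recursdir C-style script form is not shown here.

```shell
#!/bin/sh
# Added example: recursive directory traversal with find(1), packing the
# matches with GNU tar. Assumes GNU find and GNU tar (-print0 / --null -T -).
# Not code from the original post; function names are illustrative.

# count_files DIR PATTERN
#   Recursively count regular files under DIR whose name matches PATTERN.
count_files() {
    find "$1" -type f -name "$2" | wc -l | tr -d ' '
}

# pack_files DIR PATTERN ARCHIVE
#   Recursively find regular files under DIR matching PATTERN and write them
#   to ARCHIVE (give an absolute path). Running find from inside DIR keeps
#   member names relative ("./sub/x.conf"); NUL separation (-print0 / --null)
#   keeps names containing spaces or newlines intact.
pack_files() {
    ( cd "$1" && find . -type f -name "$2" -print0 | tar -cf "$3" --null -T - )
}

# archive_count ARCHIVE
#   Number of members in ARCHIVE, for checking what was packed.
archive_count() {
    tar -tf "$1" | wc -l | tr -d ' '
}

# pack_remote HOST DIR PATTERN ARCHIVE
#   Same traversal on a remote host: find and tar run there, the archive is
#   streamed back over ssh to the local file ARCHIVE. (Assumed usage; DIR and
#   PATTERN must not contain single quotes.)
pack_remote() {
    ssh "$1" "cd '$2' && find . -type f -name '$3' -print0 | tar -cf - --null -T -" > "$4"
}

# Usage on a real tree, for example:
#   pack_files /etc '*.conf' /tmp/confs.tar && archive_count /tmp/confs.tar
#   pack_remote backup.example.org /var/log '*.log' /tmp/remote-logs.tar
```

The `-print0`/`--null` pairing is the detail worth keeping: a plain newline-separated pipeline lets a file name containing a newline inject extra entries into whatever consumes the list, which is exactly the kind of input an attacker controls on a shared host.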

Linux assembly language comparison: GNU Assembler (GAS) vs Netwide Assembler (NASM)

last updated in Categories Howto, Linux, programming, UNIX

This article explains some of the more important syntactic and semantic differences between two of the most popular assemblers for Linux®, GNU Assembler (GAS) and Netwide Assembler (NASM), including differences in basic syntax, variables and memory access, macro handling, functions and external routines, stack handling, and techniques for easily repeating blocks of code.

Unlike most other languages, assembly programming requires understanding the architecture of the processor being programmed. Assembly programs are not portable at all, are often cumbersome to maintain and understand, and can run to a large number of lines of code. Against these limitations stand the speed and size of the resulting binary on that machine. Even though the differences between these two assemblers are substantial, converting from one form to the other is not difficult. The AT&T syntax may seem hard to understand at first, but once mastered it is as simple as the Intel syntax.

=> Linux Assemblers: A Comparison of GAS and NASM
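As an added example that is not taken from the linked article, the same small x86-64 routine written twice, once for GAS in AT&T syntax and once for NASM in Intel syntax, so the differences the article lists can be seen side by side: operand order, register and immediate prefixes, how operand size is expressed, RIP-relative memory access, the stack prologue, and repeating a block of code (`.rept` versus `times`). The two listings are separate files (add.s and add.asm) shown in one block; the function name `add_then_scale`, the `count` variable and the assemble commands are assumptions.

```asm
# ---- GAS (AT&T syntax), x86-64 System V ABI: file add.s ----
# Assemble with: as -o add_gas.o add.s
# Added example, not code from the article; names are illustrative.
        .data
count:  .long   5                   # a 32-bit variable in memory
        .text
        .globl  add_then_scale      # export the symbol to the linker
        .type   add_then_scale, @function
# long add_then_scale(long a, long b): returns (a + b) * count
add_then_scale:
        pushq   %rbp                # prologue: save frame pointer
        movq    %rsp, %rbp
        movq    %rdi, %rax          # source on the LEFT, destination on the RIGHT
        addq    %rsi, %rax          # registers carry a % prefix, immediates a $
        movslq  count(%rip), %rcx   # size suffix (l -> q) on the mnemonic; RIP-relative load
        imulq   %rcx, %rax
        .rept   2                   # repeat the enclosed block twice
        nop
        .endr
        popq    %rbp
        ret

; ---- NASM (Intel syntax), same routine: file add.asm ----
; Assemble with: nasm -f elf64 -o add_nasm.o add.asm
; Added example, not code from the article; names are illustrative.
        section .data
count:  dd      5                   ; a 32-bit variable in memory
        section .text
        global  add_then_scale      ; export the symbol to the linker
        default rel                 ; make [count] RIP-relative, like count(%rip)
; long add_then_scale(long a, long b): returns (a + b) * count
add_then_scale:
        push    rbp                 ; prologue: save frame pointer
        mov     rbp, rsp
        mov     rax, rdi            ; destination on the LEFT, source on the RIGHT
        add     rax, rsi            ; no register prefix, immediates are bare numbers
        movsxd  rcx, dword [count]  ; size comes from the operand (dword), brackets mean memory
        imul    rax, rcx
        times   2 nop               ; repeat the instruction twice
        pop     rbp
        ret
```

Either object links against a C caller that declares `long add_then_scale(long, long);`, and with the constructed value `count = 5` the call `add_then_scale(2, 3)` returns 25 from both, which is a quick way to confirm a hand conversion between the two syntaxes.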