HN SecurityMay 19
Marco Ivaldi

During the weekend, I’ve been working a bit on updating my battle-tested #semgrep ruleset for #c #vulnerability research

https://github.com/0xdea/semgrep-rules

Nothing major, just a couple of small updates. It feels good to be back doing some #security #research! Let’s see where this takes me…

GitHub - 0xdea/semgrep-rules: A collection of my Semgrep rules to facilitate vulnerability research.

A collection of my Semgrep rules to facilitate vulnerability research. - 0xdea/semgrep-rules

GitHub
May 19 at 10:46amWeb
Show threadAlan CoopersmithMay 19
@raptor looks like you've covered most of the common cases from our list at https://docs.oracle.com/cd/E37838_01/html/E61050/gnclc.html already, though there are some Solaris-specific cases you are missing, like the possibility of shell injection in wordexp() since we exec a shell instead of embedding a shell language parser like GNU libc does, or our p2open() counterpart to popen().
Security Considerations When Using C Functions - Developer's Guide to Oracle® Solaris 11.4 Security

The necessary security considerations when using C library functions are outlined in the following table. Each function is classified into one of the following categories:...

Show threadMarco IvaldiMay 19
@alanc Thank you for the link and the comment, very interesting! ✊