summaryrefslogtreecommitdiff
path: root/open_issues
diff options
context:
space:
mode:
authorThomas Schwinge <thomas@codesourcery.com>2013-02-14 12:14:54 +0100
committerThomas Schwinge <thomas@codesourcery.com>2013-02-14 12:14:54 +0100
commit0bbe1c0639808bf755673e9dd21355e7571847d4 (patch)
treeea69b82f090e533f97684f9b7b27deee2534f249 /open_issues
parent6e1496e240ae682648575ba79115197d85477a08 (diff)
Unify content about input fuzzing.
Diffstat (limited to 'open_issues')
-rw-r--r--open_issues/code_analysis.mdwn11
-rw-r--r--open_issues/security.mdwn12
2 files changed, 10 insertions, 13 deletions
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn
index 290bee42..65da942f 100644
--- a/open_issues/code_analysis.mdwn
+++ b/open_issues/code_analysis.mdwn
@@ -1,4 +1,4 @@
-[[!meta copyright="Copyright © 2010, 2011, 2012 Free Software Foundation,
+[[!meta copyright="Copyright © 2010, 2011, 2012, 2013 Free Software Foundation,
Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
@@ -188,9 +188,12 @@ There is a [[!FF_project 276]][[!tag bounty]] on some of these tasks.
* Input fuzzing
- Not a new topic; has been used (and a paper published) for early UNIX
- tools, I[[I|tschwinge]]RC.
+ Not a new topic; has been used (and papers published?) for early [[UNIX]]
+ tools. What about some [[RPC]] fuzzing?
* <http://caca.zoy.org/wiki/zzuf>
- What about some [[RPC]] fuzzing?
+ * <http://www.ece.cmu.edu/~koopman/ballista/>
+
+ * [Jones: system call abuse](http://lwn.net/Articles/414273/), Dave
+ Jones, 2010.
diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn
index 055c8bdc..d8ffc04e 100644
--- a/open_issues/security.mdwn
+++ b/open_issues/security.mdwn
@@ -1,4 +1,4 @@
-[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]]
+[[!meta copyright="Copyright © 2010, 2013 Free Software Foundation, Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
@@ -24,11 +24,5 @@ automated fashion.
All publically usable interfaces provide attacking targets. This includes all
[[system call]]s and [[RPC]] interfaces.
-Fuzzing techniques can be use for locating possible issues.
-
- * <http://lwn.net/Articles/414273/>
-
- * Has already been used in the 70s / 80s (?) for testing [[UNIX]] command
- line tools.
-
- * <http://www.ece.cmu.edu/~koopman/ballista/>
+Fuzzing techniques can be use for locating possible issues; see discussion on
+the [[code_analysis]] page.