Large-scale analysis of format string vulnerabilities in Debian Linux

Karl Chen, David Wagner
Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security (PLAS '07), 2007
Format-string bugs are a relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, we designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, using type-qualifier inference, a static analysis technique that can find taint violations. We successfully analyze 66% of C/C++ source packages in the Debian 3.1 Linux distribution. Our system finds 1,533 format string taint warnings. We estimate that 85% of these are true positives, i.e., real bugs; ignoring duplicates from libraries, about 75% are real bugs. We suggest that the technology exists to render format string vulnerabilities extinct in the near future.
doi:10.1145/1255329.1255344 dblp:conf/pldi/ChenW07 fatcat:v7bdavtwczb7hcgwf5r2ovuonq
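The bug class the abstract refers to, shown as an added example (this is not code from the paper or its analysis tool): tainted input reaching the format-string parameter of a printf-family function, the vulnerable pattern beside its hardened form, plus a small helper that counts how many conversion directives an attacker-supplied string would trigger. The helper `format_directive_count` and the two `log_message_*` functions are hypothetical names invented for this illustration; the attacker string is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion directives a string would trigger if a printf-family
 * function interpreted it as a format string. "%%" is a literal percent and
 * counts as none. If has_n is non-NULL, *has_n is set to 1 when a "%n"
 * directive (which writes through a pointer argument) is present.
 * Hypothetical helper written for this example. */
int format_directive_count(const char *s, int *has_n)
{
    int count = 0;
    if (has_n) *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;                                  /* character after '%' */
        if (*p == '%') continue;              /* "%%" -> literal '%' */
        /* skip flags, field width, precision and length modifiers */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p)) p++;
        if (*p == '\0') break;                /* truncated directive */
        if (*p == 'n' && has_n) *has_n = 1;
        count++;
    }
    return count;
}

/* VULNERABLE pattern: the taint violation a type-qualifier analysis reports.
 * In CQual-style terms printf's format parameter is $untainted while
 * user-controlled text is $tainted. Input such as "%x%x%x" leaks stack
 * contents and "%n" turns the bug into a memory write. The call goes
 * through a function pointer only so this file compiles where
 * -Werror=format-security is the default; a real program writes
 * printf(tainted) directly, and the compiler warning does not see this
 * indirect form at all. Kept for illustration; never call it with
 * untrusted data. */
int log_message_unsafe(const char *tainted)
{
    int (*out)(const char *, ...) = printf;
    return out(tainted);  /* tainted value in an untainted position */
}

/* Hardened form: the format string is a constant and the tainted data is
 * only ever an argument consumed by %s. Returns characters written. */
int log_message_safe(const char *tainted)
{
    return printf("%s\n", tainted);
}

int main(void)
{
    /* Constructed attacker string for the demonstration. */
    const char *attacker = "AAAA%x.%x.%x.%n";
    int has_n;
    int n = format_directive_count(attacker, &has_n);
    printf("directives=%d has_%%n=%d\n", n, has_n);
    log_message_safe(attacker);      /* prints the string literally */
    return 0;
}
```

The directive counter is a runtime check, not a substitute for the paper's static analysis: the value of type-qualifier inference is that the `$tainted`-to-`$untainted` flow in `log_message_unsafe` is flagged at compile time across the whole code base, regardless of what input the program happens to see.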