Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

bfbtester(1) [debian man page]

BFBTESTER(1)						      General Commands Manual						      BFBTESTER(1)

NAME

       bfbtester - Brute Force Binary Tester

SYNOPSIS

       bfbtester [-htv] [-d level] [-r rejects] [-o out-file] [-x max-execs] -a|[-sme] files ...

DESCRIPTION

       BFBTester  is  great  for  doing quick, proactive, security checks of binary programs. BFBTester will perform checks of single and multiple
       argument command line overflows as well as environment variable overflows. BFBTester can also watch for tempfile creation activity to alert
       the  user  of  any programs using unsafe tempfile names. While BFBTester can not test all overflows in software, it is useful for detecting
       initial mistakes that can red flag dangerous software.

OPTIONS

       You must specify one or more of the following tests:

       -s     Single Argument Test.

       -m     Multiple Argument Test.

       -e     Environment Variable Test.

       -a     Selects all tests
	      Other options:

       -h     Print help.

       -t     Enable tempfile monitoring.

       -v     Print version string.

       -d level
	      Set debug level (default = 0, max = 2).

       -r rejects
	      Comma separated list of binaries to skip.

       -o out-file
	      Output to out-file rather than stdout.

       -x max-execs
	      Set maximum executables to run in parallel (default = 250).

       file   Specific binary or a directory of binaries to test.

OVERVIEW

       You must specify at least one test to run and you must specify either a binary or a directory.

       Executable selection is now done in one of several ways:

       If the executable filename is specified with a leading slash (an absolute path), no selection is used and the supplied absolute filename is
       used.

       If there is no leading slash in the filename the selection is made in one of two ways (in this order):
	 1) Prepend file name with $PWD and test accesiblity
	 2) Search through $PATH and find first accessible executable The first one to succeed is the executable choosen.

       If the filename found is a directory, we walk the directory (one level deep) looking for executable binaries.

       Symbolic links are followed.

       You can specify binaries to skip (useful when loading a whole directory) by using the -r option.

       The following is a crash report:

       *** Crash </usr/bin/patch> ***
	args:		-D [05120]
	envs:		(null)
	Signal: 	11 ( Segmentation fault )
	Core?		Yes

       This means "/usr/bin/patch" crashed when fed with an "-D" and a word 5,120 characters long:

       $ /usr/bin/patch -D AAA...5,120 characters...AAA

       (Numbers in brackets mean replace with a word that many characters long)

       BFBTester is very CPU intensive, and will open many files, so you probably don't want to run it on a production machine during it's busiest
       period. Just a warning...

EXAMPLES

       bfbtester -s /usr/bin
	      Run the single argument test on all binaries in folder /usr/bin.

       bfbtester -ta patch traceroute
	      Run all tests against patch and traceroute and run the tempfile monitor.

       bfbtester -a ./bfbtester
	      Tests bfbtester (provided it's in the same directory).

       bfbtester -r kill /usr/bin/kill
	      Does nothing.

AUTHOR

       This manual page was written by Karl Soderstrom <ks@debian.org>, for the Debian GNU/Linux system (but may be used by others).

								 januari 23, 2001						      BFBTESTER(1)

Check Out this Related Man Page

whereis(1B)					     SunOS/BSD Compatibility Package Commands					       whereis(1B)

NAME

       whereis - locate the binary, source, and manual page files for a command

SYNOPSIS

       /usr/ucb/whereis [-bmsu] [ -BMS directory...  -f] filename...

DESCRIPTION

       The  whereis utility locates source/binary and manuals sections for specified files. The supplied names are first stripped of leading path-
       name components and any (single) trailing extension of the form .ext, for example, .c.  Prefixes of s. resulting from use  of  source  code
       control are also dealt with. whereis then attempts to locate the desired program in a list of standard places:

       etc
       /sbin
       /usr/bin
       /usr/ccs/bin
       /usr/ccs/lib
       /usr/lang
       /usr/lbin
       /usr/lib
       /usr/sbin
       /usr/ucb
       /usr/ucblib
       /usr/ucbinclude
       /usr/games
       /usr/local
       /usr/local/bin
       /usr/new
       /usr/old
       /usr/hosts
       /usr/include
       /usr/etc

OPTIONS

       The following options are supported:

       -b	Searches only for binaries.

       -B	Changes or otherwise limits the places where whereis searches for binaries.

       -f	Terminates the last directory list and signals the start of file names, and must be used when any of the -B, -M, or -S options are
		used.

       -m	Searches only for manual sections.

       -M	Changes or otherwise limits the places where whereis searches for manual sections.

       -s	Searches only for sources.

       -S	Changes or otherwise limit the places where whereis searches for sources.

       -u	Searches for unusual entries. A file is said to be  unusual  if  it  does  not	have  one  entry  of  each  requested  type.  Thus
		`whereis  -m  -u  *' asks for those files in the current directory which have no documentation.

EXAMPLES

       Example 1: Finding files

       Find all files in /usr/bin which are not documented in /usr/share/man/man1 with source in /usr/src/cmd:

       example% cd /usr/ucb
       example% whereis -u -M /usr/share/man/man1 -S /usr/src/cmd -f *

FILES

       /usr/src/*

       /usr/{doc,man}/*

       /etc, /usr/{lib,bin,ucb,old,new,local}

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWscpu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       chdir(2), attributes(5)

BUGS

       Since whereis uses chdir(2) to run faster, pathnames given with the -M, -S, or -B must be full; that is, they must begin with a `/'.

SunOS 5.10							    10 Jan 2000 						       whereis(1B)
Man Page