|
From: Nicholas N. <nj...@cs...> - 2007-10-21 23:08:13
|
On Sat, 20 Oct 2007, Shahriyar Amini wrote: > Is there a way to know whether a piece of code, or an input has been > provided by user/network? I think you have to assume that values that come from certain system calls are tainted. Eg. anything that comes from a system call like 'read' or 'recvmsg'. You can identify such inputs using a combination of system call wrappers (pre_syscall/post_syscall) and the post_mem_write event. See include/pub_tool_tooliface.h for details. Hope this helps. Nick |