LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Security page

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

CERT Linux Triage Tools 1.0 Released

[Posted April 25, 2012 by corbet]

CERT has announced the release of version 1.0 of its "triage tools" for Linux. At its core, it is a Python-based GDB extension called "exploitable" that be used to determine the severity of a given vulnerability.
(Log in to post comments)

CERT Linux Triage Tools 1.0 Released

Posted Apr 26, 2012 1:58 UTC (Thu) by arjan (subscriber, #36785) [Link]

hmmm several hours and no comments yet.

I have to say that I think this is a very cool thing, that I certainly will be using myself, including in crashdump submission/processing stuff that I'm working on. I'll also try to convince our security team to help out with this project.. sounds very worthwhile.

CERT Linux Triage Tools 1.0 Released

Posted Apr 26, 2012 2:09 UTC (Thu) by yarikoptic (subscriber, #36795) [Link]

definitely worthwhile

but I wonder why it was not made as some kind of extension/feature for valgrind. apps might not crash in gdb (varying on architecture) while performing "shady" operations, while valgrind would have caught them. That is why imho it would have been nice if such msgs where a part of a valgrind report.

CERT Linux Triage Tools 1.0 Released

Posted Apr 26, 2012 10:43 UTC (Thu) by robert_s (subscriber, #42402) [Link]

On the other hand, as a gdb extension it can be used after the fact on a core dump and/or be used on a crash caught by kde or gnome's crash handlers.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds