Question
I am trying to analyze an open source auditing tool to determine if it makes unnecessary and potentially harmful changes to the system. I am interested in determining if the script calls any binaries or writes to any files other than its own log file. I have analyzed the strace output for exec and write syscalls but am concerned it may not include information about child processes or that it may miss potentially malicious changes to the system. If anyone could suggest other methodologies I would be grateful.
How do you determine if an open source script contains malicious code?
Explanation / Answer
Based on the rather generic requirements, I must say that there really are oh so very many ways to do malicious stuff, and even more ways to hide or obscure those activities.
For example, perhaps it only gets triggered after 3 months of use?
On the other hand - if this is open source, I would suggest auditing the code.
You can definitively verify anything and everything the code does, even under a very specific set of circumstances. Code coverage, and all that...
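An added example (not part of the original question or answer) for the child-process concern in the question: it reduces a trace recorded with `strace -f -o trace.txt -e trace=execve,openat <script>` to the binaries executed and the files opened for writing, per PID, excluding the tool's own log. The sample trace, paths and the `summarize` helper are constructed for illustration; changes made through other syscalls (rename, unlink, chmod) would need those added to the trace filter and the parser.

```python
import re

# Constructed sample in the format written by `strace -f -o FILE`:
# every line starts with the PID, so child processes are attributed.
SAMPLE = '''\
1201 execve("/usr/bin/audit.sh", ["audit.sh"], 0x7ffd1 /* 20 vars */) = 0
1201 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1201 openat(AT_FDCWD, "/var/log/audit-tool.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
1202 execve("/usr/bin/find", ["find", "/", "-perm", "-4000"], 0x55d0 /* 20 vars */) = 0
1203 execve("/usr/local/bin/helper", ["helper"], 0x55d0 /* 20 vars */) = -1 ENOENT (No such file or directory)
1203 execve("/usr/bin/tee", ["tee", "-a", "/etc/sysctl.conf"], 0x55d0 /* 20 vars */) = 0
1203 openat(AT_FDCWD, "/etc/sysctl.conf", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
1201 openat(AT_FDCWD, "/tmp/audit.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0600 <unfinished ...>
'''

LINE = re.compile(r'^(\d+)\s+(execve|open|openat)\((.*)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')        # first quoted argument = path
FAILED = re.compile(r'\)\s+= -1 ')                 # syscall returned an error
WRITE_FLAGS = re.compile(r'\bO_(WRONLY|RDWR|CREAT|TRUNC|APPEND)\b')

def summarize(trace, own_log):
    """Return (execs, writes): sorted (pid, path) pairs for successful execve
    calls and for files opened with write-capable flags, minus own_log."""
    execs, writes = set(), set()
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m or FAILED.search(line):
            continue                               # other syscall, or it failed
        pid, call, rest = int(m.group(1)), m.group(2), m.group(3)
        q = QUOTED.search(rest)
        if not q:
            continue
        path = q.group(1)
        if call == "execve":
            execs.add((pid, path))
        # "<unfinished ...>" lines still carry path and flags; count them as
        # attempts, since the result arrives on a later "resumed" line.
        elif WRITE_FLAGS.search(rest[q.end():]) and path != own_log:
            writes.add((pid, path))
    return sorted(execs), sorted(writes)

if __name__ == "__main__":
    execs, writes = summarize(SAMPLE, "/var/log/audit-tool.log")
    for pid, path in execs:
        print(f"exec   pid={pid} {path}")
    for pid, path in writes:
        print(f"write  pid={pid} {path}")
```

A trace only shows what happened on that run, so it complements rather than replaces the code audit suggested in the answer.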