Provided by: bfbtester_2.0.1-7.1build1_amd64 bug

NAME
       bfbtester - Brute Force Binary Tester


SYNOPSIS
       bfbtester [-htv] [-d level] [-r rejects] [-o out-file] [-x max-execs] -a|[-sme] files ...


DESCRIPTION
       BFBTester is great for doing quick, proactive, security checks of binary programs. BFBTester will perform
       checks of single and multiple argument command line overflows as well as environment variable  overflows.
       BFBTester  can  also  watch for tempfile creation activity to alert the user of any programs using unsafe
       tempfile names. While BFBTester can not test all overflows  in  software,  it  is  useful  for  detecting
       initial mistakes that can red flag dangerous software.


OPTIONS
       You must specify one or more of the following tests:

       -s     Single Argument Test.

       -m     Multiple Argument Test.

       -e     Environment Variable Test.

       -a     Selects all tests
              Other options:

       -h     Print help.

       -t     Enable tempfile monitoring.

       -v     Print version string.

       -d level
              Set debug level (default = 0, max = 2).

       -r rejects
              Comma separated list of binaries to skip.

       -o out-file
              Output to out-file rather than stdout.

       -x max-execs
              Set maximum executables to run in parallel (default = 250).

       file   Specific binary or a directory of binaries to test.


OVERVIEW
       You must specify at least one test to run and you must specify either a binary or a directory.

       Executable selection is now done in one of several ways:

       If the executable filename is specified with a leading slash (an absolute path), no selection is used and
       the supplied absolute filename is used.

       If there is no leading slash in the filename the selection is made in one of two ways (in this order):
         1) Prepend file name with $PWD and test accesiblity
         2) Search through $PATH and find first accessible executable The first one to succeed is the executable
       choosen.

       If  the  filename  found  is  a  directory, we walk the directory (one level deep) looking for executable
       binaries.

       Symbolic links are followed.

       You can specify binaries to skip (useful when loading a whole directory) by using the -r option.

       The following is a crash report:

       *** Crash </usr/bin/patch> ***
        args:           -D [05120]
        envs:           (null)
        Signal:         11 ( Segmentation fault )
        Core?           Yes

       This means "/usr/bin/patch" crashed when fed with an "-D" and a word 5,120 characters long:

       $ /usr/bin/patch -D AAA...5,120 characters...AAA

       (Numbers in brackets mean replace with a word that many characters long)

       BFBTester is very CPU intensive, and will open many files, so you probably don't want  to  run  it  on  a
       production machine during it's busiest period. Just a warning...


EXAMPLES
       bfbtester -s /usr/bin
              Run the single argument test on all binaries in folder /usr/bin.

       bfbtester -ta patch traceroute
              Run all tests against patch and traceroute and run the tempfile monitor.

       bfbtester -a ./bfbtester
              Tests bfbtester (provided it's in the same directory).

       bfbtester -r kill /usr/bin/kill
              Does nothing.


AUTHOR
       This manual page was written by Karl Soderstrom <ks@debian.org>, for the Debian GNU/Linux system (but may
       be used by others).

                                                januari 23, 2001                                    BFBTESTER(1)