Re: Linux Kernel Audit Project?

From: Alan Cox
Date: Mon Jan 17 2005 - 08:34:06 EST

Next message: Alan Cox: "Re: [PATCH] Restartable poll(2)"
Previous message: Alan Cox: "Re: vgacon fixes to help font restauration in X11"
In reply to: John Richard Moser: "Re: Linux Kernel Audit Project?"
Next in thread: John Richard Moser: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Llu, 2005-01-17 at 07:40, John Richard Moser wrote:
> On the same line, I've been graphing Ubuntu Linux Security Notices for a
> while. I've noticed that in the last 5, the number of kernel-related
> vulnerabilities has doubled (3 more). This disturbs me.

I've been monitoring the kernel security stuff for a long time too.
There are several obvious trends and I think most are positive

- Tools like coverity and sparse are significantly increasing the number
of flaws found. In particular they are turning up long time flaws in
code, but they also mean new flaws of that type are being found. People
aren't really turning these tools onto user space - yet -

- We get bursts of holes of a given type. If you plot things like
"buffer overflow" "structure passed to user space not cleaned" "maths
overflow check error" against time you'll see they show definite
patterns with spikes decaying at different rates towards zero.

There are also people other than Linus who read every single changeset.
I do for one.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH] Restartable poll(2)"
Previous message: Alan Cox: "Re: vgacon fixes to help font restauration in X11"
In reply to: John Richard Moser: "Re: Linux Kernel Audit Project?"
Next in thread: John Richard Moser: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]