Re: Linux Kernel Audit Project?
From: John Richard Moser
Date: Mon Jan 17 2005 - 13:23:54 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Adrian Bunk wrote:
> On Mon, Jan 17, 2005 at 02:47:32AM -0500, John Richard Moser wrote:
>
[...]
>
> What exactly do you want to audit for?
>
Security holes
> If it's only for "ordinary" bugs, that's simply not feasible.
> The amount of patches going into 2.6 is currently at about 3 MB every
> week. You can hardly keep up with all of that - and even if you were
> able to do so, some theoretically correct patch might break in practice
> due to hardware bugs or bugs in some toolchain.
>
Understood.
> Regarding security audits:
> They aren't a bad idea, and not bound to new patches - much legacy code
> in the kernel has for sure more bugs than new code. The linus-kernel way
> for such a project is not to scream "We need SOMETHING" - the
> linux-kernel way is that you start with the work to get the ball rolling
> (and if other people are interested to work in the same area, give them
> some guidance).
>
I'm nowhere near being able to actually do a security audit. I
understand what an audit is, I understand what causes vulnerabilities,
but I'd probably only be able to see the most obvious things (like
strcpy(a,"Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") into a[4]).
If I had a few more years of experience, college out of the way, a good
job, and had some of my other projects moving along, maybe. . . .
> cu
> Adrian
>
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB6/61hDd4aOud5P8RAiTiAJ4jUrPCHj3f+NT5RsgKUGUXO4PSGQCfXW3E
SWJkAfcoqcbW9hD2Ew33R18=
=hnty
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/