[kernel-hardening] Re: Linux Security Workgroup

[Dan Carpenter <dan.carpenter@oracle.com>]

On Tue, Oct 02, 2012 at 03:17:29PM -0700, Kees Cook wrote:
> On Tue, Oct 2, 2012 at 9:44 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
> >
> >
> > On 10/02/2012 12:23 PM, Kees Cook wrote:
> >>
> >> On Thu, Sep 27, 2012 at 12:26 PM, Corey Bryant
> >> <coreyb@linux.vnet.ibm.com> wrote:
> >>>
> >>> At the Linux Security Summit we began discussing the Linux Security
> >>> Workgroup and some of the efforts that we can focus on.
> >>>
> >>> The charter of the workgroup is to provide on-going security
> >>> verification of Linux kernel subsystems in order to assist in securing
> >>> the
> >>> Linux Kernel and maintain trust and confidence in the security of the
> >>> Linux
> >>> ecosystem.
> >>>
> >>> This may include, but is not limited to, topics such as tooling to assist
> >>> in
> >>> securing the Linux Kernel, verification and testing of critical
> >>> subsystems
> >>> for vulnerabilities, security improvements for build tools, and providing
> >>> guidance for maintaining subsystem security.
> >>
> >>
> >> Thanks for getting this rolling!
> >>
> >> What are the next steps? Does it make sense to try to gather a list of
> >> active projects to try and see where things currently stand? (i.e who
> >> is actively running smatch, trinity, etc?) Or to call attention to a
> >> specific subsystem that needs direct auditing (e.g. KVM)?
> >>
> >> -Kees
> >>
> >
> > No problem, thanks for the input!
> >
> > I think having a list of active projects is a good place to start.
> 
> I know Dan Carpenter is running smatch, as well as Fengguang Wu.
> Getting details on which trees are being scanned would be good.
> 

I run it against linux-next x86_64 allmodconfig.

regards,
dan carpenter