From: John Richard Moser <nigelenki@comcast.net>
To: Adrian Bunk <bunk@stusta.de>
Cc: Dave Jones <davej@redhat.com>, linux-kernel@vger.kernel.org
Subject: Re: Linux Kernel Audit Project?
Date: Mon, 17 Jan 2005 13:06:45 -0500
Message-ID: <41EBFEB5.5080807@comcast.net>
In-Reply-To: <20050117123813.GO4274@stusta.de>

Adrian Bunk wrote:
> On Mon, Jan 17, 2005 at 02:47:32AM -0500, John Richard Moser wrote:
> 

[...]

> 
> What exactly do you want to audit for?
> 

Security holes

> If it's only for "ordinary" bugs, that's simply not feasible.
> The amount of patches going into 2.6 is currently at about 3 MB every 
> week. You can hardly keep up with all of that - and even if you were 
> able to do so, some theoretically correct patch might break in practice 
> due to hardware bugs or bugs in some toolchain.
> 

Understood.

> Regarding security audits:
> They aren't a bad idea, and not bound to new patches - much legacy code 
> in the kernel has for sure more bugs than new code. The linux-kernel way 
> for such a project is not to scream "We need SOMETHING" - the 
> linux-kernel way is that you start with the work to get the ball rolling 
> (and if other people are interested to work in the same area, give them 
> some guidance).
> 

I'm nowhere near being able to actually do a security audit.  I
understand what an audit is, I understand what causes vulnerabilities,
but I'd probably only be able to see the most obvious things (like
strcpy(a,"Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") into a[4]).

If I had a few more years of experience, college out of the way, a good
job, and had some of my other projects moving along, maybe. . . .

> cu
> Adrian
> 

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

