Require mentoring for picking up

kernel-janitors.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Require mentoring for picking up
@ 2013-07-02 23:56 Imtiyaz Hussain
  2013-07-03  0:52 ` Logan Blyth
  2013-07-03  7:25 ` Dan Carpenter
  0 siblings, 2 replies; 3+ messages in thread
From: Imtiyaz Hussain @ 2013-07-02 23:56 UTC (permalink / raw)
  To: kernel-janitors

Hello list,

I have set up my test-box with help from Kumar Amit Mehta. I would
like to start kernel janitorial work and would like to take up the
below task found in TODO link (
http://kernelnewbies.org/KernelJanitors/Todo ):-

"...From: Hans Grobler
- audit ioctl functions to make sure there is no way a user can crash
the machine or do sensitive stuff. For example, check for the
necessary capabilities. Check that no userspace pointers are accessed
directly. be careful with this... it takes a while to figure out which
ioctls are covered by the parent ioctl function (these can be nested
to great depths)..."

I looked at the mailing lists and found no one is working on this.
Please correct my understanding. I am new to kernel newbies, so this
is what i think before starting:-
1. Contact Hans Grobler for starting up ?
2. Find files with ioctl functions already implemented and do the
required assessment.

Also, needed some advise on git branching to work on the kernel.

Your advise will be helpful.

Sincerely,
Immi

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Require mentoring for picking up
  2013-07-02 23:56 Require mentoring for picking up Imtiyaz Hussain
@ 2013-07-03  0:52 ` Logan Blyth
  2013-07-03  7:25 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: Logan Blyth @ 2013-07-03  0:52 UTC (permalink / raw)
  To: kernel-janitors

I also would like help setting up a test box / getting started as a 
janitor.  Imtiyaz beat me to an email :)
On 07/02/2013 07:56 PM, Imtiyaz Hussain wrote:
> Hello list,
>
> I have set up my test-box with help from Kumar Amit Mehta. I would
> like to start kernel janitorial work and would like to take up the
> below task found in TODO link (
> http://kernelnewbies.org/KernelJanitors/Todo ):-
>
> "...From: Hans Grobler
> - audit ioctl functions to make sure there is no way a user can crash
> the machine or do sensitive stuff. For example, check for the
> necessary capabilities. Check that no userspace pointers are accessed
> directly. be careful with this... it takes a while to figure out which
> ioctls are covered by the parent ioctl function (these can be nested
> to great depths)..."
>
> I looked at the mailing lists and found no one is working on this.
> Please correct my understanding. I am new to kernel newbies, so this
> is what i think before starting:-
> 1. Contact Hans Grobler for starting up ?
> 2. Find files with ioctl functions already implemented and do the
> required assessment.
>
> Also, needed some advise on git branching to work on the kernel.
>
> Your advise will be helpful.
>
> Sincerely,
> Immi
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Require mentoring for picking up
  2013-07-02 23:56 Require mentoring for picking up Imtiyaz Hussain
  2013-07-03  0:52 ` Logan Blyth
@ 2013-07-03  7:25 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2013-07-03  7:25 UTC (permalink / raw)
  To: kernel-janitors

I have chopped your email up to respond to the easy bits first.

> I looked at the mailing lists and found no one is working on this.
> Please correct my understanding. I am new to kernel newbies, so this
> is what i think before starting:-
> 1. Contact Hans Grobler for starting up ?

Don't do that.  He wasn't offering to teach people he was just
suggesting ideas.

> 2. Find files with ioctl functions already implemented and do the
> required assessment.
> 
> Also, needed some advise on git branching to work on the kernel.

linux-next.

> "...From: Hans Grobler
> - audit ioctl functions to make sure there is no way a user can crash
> the machine or do sensitive stuff. For example, check for the
> necessary capabilities. Check that no userspace pointers are accessed
> directly. be careful with this... it takes a while to figure out which
> ioctls are covered by the parent ioctl function (these can be nested
> to great depths)..."
> 

Looking for these sort of security bugs is fun.

These days userspace pointers are annotated with the __user tag and
Sparse warns if they are used incorrectly.

	"warning: dereference of noderef expression"

We are pretty good about eliminating these kinds of bugs.  You will
find some warnings still, but the majority are false positives.

Really this task is quite hard because people are constantly looking
for security bugs.  I do with Smatch.  But in drivers/staging/ there
are still quite a few left.

Btw, most times when you think you have found a security bug in an
ioctl, you really haven't.  There is always some reason why the bug
is hard to exploit.  If you think you have found one, then let us
know on the list and we can check it for you.  (It's fine to discuss
security bugs from drivers/staging/ in public, no one will get
upset.  I fix these sorts of thing regularly.)

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-07-03  7:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-07-02 23:56 Require mentoring for picking up Imtiyaz Hussain
2013-07-03  0:52 ` Logan Blyth
2013-07-03  7:25 ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).