Message-ID: <4F071C70.8070803@linux.vnet.ibm.com>
Date: Fri, 06 Jan 2012 11:08:16 -0500
From: Corey Bryant
To: Anthony Liguori
Cc: Chris Wright, Avi Kivity, qemu-devel, Stefan Hajnoczi
Subject: Re: [Qemu-devel] [RFC] QEMU Code Audit Team
In-Reply-To: <4F071111.6080306@us.ibm.com>
References: <4F071111.6080306@us.ibm.com>

On 01/06/2012 10:19 AM, Anthony Liguori wrote:
> Hi,
>
> I had an idea I wanted to share and see what level of interest there was
> in participating and if anyone knows of a process that other projects
> follow for this.
>
> I'd like to start a more formal and transparent security audit of QEMU.
> The way I'd imagine it working is something like this:
>
> 1) People volunteer to be part of the audit team
>
> 2) Two people walk through a particular piece of code and independently
> flag anything that looks like a potential security issue.
>
> 3) Two people independently review everything that's flagged to see if
> there's a security issue.
>
> Step (3) is something that requires a fairly deep understanding of QEMU
> but step (2) is probably something that a lot of people could
> participate in.
>
> I'd want to focus initially on the common PC devices. The list isn't all
> that large and a review like this should only take a few hours to
> complete each step.
>
> Would folks be interested in participating in something like this? If
> so, I can start organizing it.
>
> Regards,
>
> Anthony Liguori

Count me in for step 2.

A good approach may be to run a static analysis tool against the code,
followed by a manual scan of the code for common vulnerabilities that
static analysis can't find.

--
Regards,
Corey
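As an added illustration of what a step-2 reviewer walking through a device model would flag, here is a constructed example (not QEMU code, and not a reported issue in any real device): a guest-writable index register used to select a descriptor without a bounds check, next to the checked form. The device name, register layout, NUM_DESC and the toy_* functions are all made up for this example; the point is that the tainted value flows through device state rather than directly from the MMIO write, which is exactly the sort of path a static analyzer can lose track of and a manual scan still catches.

```c
/* Added example (not QEMU's code): a hypothetical emulated device with a
 * ring of descriptors and a guest-writable "current descriptor" register.
 * All names and sizes here are assumptions made for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NUM_DESC 16

typedef struct {
    uint32_t desc[NUM_DESC];
    uint32_t cur;       /* last value the guest wrote to the index register */
    uint32_t errors;    /* rejected accesses, as a real model might log them */
} toy_dev;

static void toy_dev_reset(toy_dev *d)
{
    memset(d, 0, sizeof(*d));
}

/* MMIO write to the index register: the value is guest controlled and
 * is stored as-is.  Nothing wrong yet, but "cur" is now tainted. */
static void toy_index_write(toy_dev *d, uint32_t val)
{
    d->cur = val;
}

/* Unsafe descriptor write.  A step-2 reviewer flags this: "cur" came
 * straight from the guest via toy_index_write() and is never compared
 * with NUM_DESC, so a value >= NUM_DESC writes past the end of desc[].
 * (Kept here for comparison only; never call it with an unchecked index.) */
void toy_desc_write_unchecked(toy_dev *d, uint32_t val)
{
    d->desc[d->cur] = val;
}

/* Checked descriptor write: out-of-range indices are refused and counted,
 * and device memory is never touched.  Returns 0 on success, -1 if refused. */
static int toy_desc_write_checked(toy_dev *d, uint32_t val)
{
    if (d->cur >= NUM_DESC) {
        d->errors++;
        return -1;
    }
    d->desc[d->cur] = val;
    return 0;
}

/* Reviewer's quick check: program the first out-of-range index (exactly
 * what a guest can write) and confirm the checked handler refuses it.
 * Returns 1 when the model behaves, 0 otherwise. */
static int toy_audit_boundary(void)
{
    toy_dev d;
    toy_dev_reset(&d);
    toy_index_write(&d, NUM_DESC);          /* one past the last slot */
    if (toy_desc_write_checked(&d, 0xdeadbeef) != -1) {
        return 0;
    }
    return d.errors == 1;
}

int main(void)
{
    /* Exit status 0 means the boundary check held. */
    return toy_audit_boundary() ? 0 : 1;
}
```

When scanning a real device model for this pattern, trace every field that an MMIO or PIO write handler stores and look for later uses of that field as an array index, a DMA length, or a loop bound; the check belongs at the point of use, since a reset or migration path may populate the field without going through the write handler.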