Re: Linux Kernel Audit Project?

From: John Richard Moser
Date: Mon Jan 17 2005 - 13:27:40 EST

Next message: Michal Semler: "Satelco driver stopped development - new developer wanted"
Previous message: Brian Henning: "Re: smbfs in 2.6.8 SMP kernel"
In reply to: Alan Cox: "Re: Linux Kernel Audit Project?"
Next in thread: Theodore Ts'o: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alan Cox wrote:
> On Llu, 2005-01-17 at 07:40, John Richard Moser wrote:
>
>>On the same line, I've been graphing Ubuntu Linux Security Notices for a
>>while. I've noticed that in the last 5, the number of kernel-related
>>vulnerabilities has doubled (3 more). This disturbs me.
>
>
> I've been monitoring the kernel security stuff for a long time too.
> There are several obvious trends and I think most are positive
>
> - Tools like coverity and sparse are significantly increasing the number
> of flaws found. In particular they are turning up long time flaws in
> code, but they also mean new flaws of that type are being found. People
> aren't really turning these tools onto user space - yet -
>

These are great, but I don't think such tools could cover all issues,
especially in the kernel (where hardware is a factor). Perhaps by
hammering a function with every input possible, but eh.

Humans create the tools, humans create the flaws. Thus, humans create
flaws in the tools. Humans of course aren't staticly flawed (as the
tools will be), so they or other humans can notice bugs they missed before.

> - We get bursts of holes of a given type. If you plot things like
> "buffer overflow" "structure passed to user space not cleaned" "maths
> overflow check error" against time you'll see they show definite
> patterns with spikes decaying at different rates towards zero.
>

\o/

> There are also people other than Linus who read every single changeset.
> I do for one.
>

"Read" and "Audit" are two different things. I can read a changeset and
see that a[10] got a 20 character string into it; I will NOT see that a
particular execution path 17 function calls long under one obscure but
possible and deliberately activatable condition causes memory corruption.

I thought the purpose of an audit was to sit down and give the code
several long, hard looks from different perspectives; though I've never
done one (I hope to in the future), so I wouldn't know would I?

Maybe I should stop talking before I make myself look stupider...

> Alan

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB7AAjhDd4aOud5P8RAlQqAJ9eVwAClqkqMLETCyIFC6UeyKX0ogCfUUwN
2EWlPWnym7IHz4a/bVBQHmU=
=VpA2
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Michal Semler: "Satelco driver stopped development - new developer wanted"
Previous message: Brian Henning: "Re: smbfs in 2.6.8 SMP kernel"
In reply to: Alan Cox: "Re: Linux Kernel Audit Project?"
Next in thread: Theodore Ts'o: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]