
where to start?



Hi,

this list seems to have gathered about 100 people now,
presumably all interested in squishing out some bugs from
the Linux kernel.

What I'm curious about is which bugs people would be worried
about. Which bugs *should* we worry about?

AFAICS we should encounter 4 types of bugs when searching
through the code:

1) "crashme" bugs, system calls and other places where the
   kernel crashes when confronted with faulty data

2) security bugs, exploiting bugs in the code, a user is
   able to gain privileges the user should not have
   (eg. the CAP_SETUID bug ... would there be more of these
   in the capability code???)

3) stability bugs where the user can "exploit" some special
   situation to make the kernel behave badly or crash
   (eg. write to a file you're truncating, confusing buffer.c
   and various other places)

4) other, non-security bugs in the code .. no doubt we'll
   encounter these when we take a closer look at the code
   (also, these could be outside of the scope of this
   project ???)


Bugs of category 1) and 3) could be found by non-programmers
too, by simply stressing the machine heavily until a bug is
hit. Typical "overload tests" and crashme could be of help in
this.

Category 2), though, will require people to take a look at the
code and actually audit code paths in the kernel. This will be
more difficult work, but more fun for some of us. In the process
of looking for category 2) bugs, we'll probably also uncover
some bugs of category 4) ... 


I guess some of the first steps we could take are:
- collecting some programs and test scripts to look for
  1) and 3) bugs .. and to make it easy for non-programmers
  to set up their box as a stress-test machine
- identify "suspect" areas of the kernel that should be
  looked at in more detail


Does anybody have some ideas on where we should start?

Web hosting and other stuff can be done on nl.linux.org,
so no need to worry about needed facilities...


regards,

Rik
--
The Internet is not a network of computers. It is a network
of people. That is its real strength.

Wanna talk about the kernel?  irc.openprojects.net / #kernelnewbies
http://www.conectiva.com/		http://www.surriel.com/


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/