Re: Linux Trace Toolkit for kernel auditing (and thoughts)

[Kurt Roeckx <Q@ping.be>]

On Sun, Jun 11, 2000 at 05:50:04AM +0000, cybertech@cybertech.org wrote:
> A tool I've run across, but haven't yet used, is a run-time bounds 
> checking 
> patch for GCC.  I don't know about the viability of a kernel built with 
> this patch, but it might be 
> interesting -- http://web.inter.nl.net/hcc/Haj.Ten.Brugge

I've tried compiling it with that patch before, but I don't know enough
about the kernel to make it work, or that can be made to work at all.

It should probably made to work with the slab allocater, and things like
that. It overrides alot of libc functions, which now should become kernel
functions ...

It's a very great tool to find certain types of bugs. I use this on all
software I write. It's really slow tho.

If someone makes it work, I'm very happy to run it.


Anyway, I think that a good audit starts by documenting all kernel
functions properly. What it should do, what is the (allowed) input,
output, what can change, what is the return value in what case.

I don't really care where we start, as long as we start :)


Kurt

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/