[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Starting point

To: macok@kocour.ms.mff.cuni.cz
Subject: Re: Starting point
From: James Bourne <jbourne@affinity-systems.ab.ca>
Date: Sun, 11 Jun 2000 11:39:52 -0600 (MDT)
cc: kernel-audit@nl.linux.org
In-Reply-To: <20000611151750.E1003@p75.kolej.mff.cuni.cz>
Sender: owner-kernel-audit@nl.linux.org

On Sun, 11 Jun 2000, Martin Macok wrote:

> I could not imagine the OpenBSD way in Linux development process.
> 
> OpenBSD release 1-2 kernels a year and they DOESN'T release anything that
> WASN'T audited ... (security, stability, correctness, paranoia)
> 
> Linux release a kernel every week/month/day and they release almost
> everything that seemes to work ... (speed, hardware support, stability)
> 
> I can't imagine way to audit all of 'their' changes.

What if we based audits on only stable kernels, not development kernels. 
There's normaly a few weeks bettween stable kernel releases which would mean
more time to audit fewer changes.

> Maybe choose ONE current release and audit it perfectly and then 
>  - say to kernel-hackers "we have audited 2.x.y, we found this, this and
>    that ... our 2.x.y-audited version/patch is here and please try to
>    'merge' it into current/new releases"
>  - then go along every change to current release and audit it OR
>  - choose one release a year and create audited version (remove broken
>    drivers, dangerous/untrusted things etc...)
> 
> > - The LKAP should also work preventively by improving kernel (interface)
> > documentation and authoring documents on writing safe code.
> 
> IMHO this is a right(tm) place to start! Create REAL kernel documentation,
> document interfaces, routines, principles, functions and structures - this
> would be even good for newbies and prevention of misuse ... Auditing
> would be a 'side effect' of this process.

Agreed here.  Programmers are not technical writers, therefore documentation
is sometimes not near what it should be :)

Jim

> 
> Have a nice day
> 
> 

-- 
James Bourne                  | Email:  jbourne@affinity-systems.ab.ca
Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Linux              | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

References:
- Re: Starting point
  - From: Martin Macok <martin.macok@underground.cz>

Prev by Date: Re: A place to start
Next by Date: Re: A place to start
Prev by thread: Re: Starting point
Next by thread: Re: Starting point
Index(es):
- Date
- Thread