[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Some suggestions.

To: kernel-audit@nl.linux.org
Subject: Some suggestions.
From: Lars Gaarden <larsg@trustix.com>
Date: Mon, 12 Jun 2000 00:51:12 +0200
Organization: Trustix AS
References: <Pine.LNX.4.10.10006111631020.26873-100000@cafe.affinity-systems.ab.ca>
Sender: owner-kernel-audit@nl.linux.org


I expect that we'll need some kind of revision tracking, to make sure
that
all relevant problems found in 2.x are back/forward-ported to 2.y<x and
2.y>x.

Someone mentioned splitting the kernel into subsystems and auditing them
in turn. While this would catch stuff like potential buffer overflows
and
incomplete/lacking parameter validations, it won't catch design bugs and
thinkos in the interaction of the subsystems.

-- 
LarsG. These are my opinions, which may or may not be shared by my
employer.

Code that cracks a protection device is criminal under the DMCA even if
the
use of the copyrighted material that the code enables would be fair use.
- Lawrence Lessig, Berkman Professor of Law, Harward Law School.

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

Follow-Ups:
- Re: Some suggestions.
  - From: Marc Esipovich <marc@mucom.co.il>

References:
- Re: suggestion.
  - From: James Bourne <jbourne@affinity-systems.ab.ca>

Prev by Date: RE: suggestion
Next by Date: Re: suggestion
Prev by thread: Re: suggestion.
Next by thread: Re: Some suggestions.
Index(es):
- Date
- Thread