Re: Some suggestions.
On Mon, Jun 12, 2000 at 12:51:12AM +0200, Lars Gaarden wrote:
>
> I expect that we'll need some kind of revision tracking, to make sure that
> all relevant problems found in 2.x are back/forward-ported to 2.y<x and
> 2.y>x.
Probably.
>
> Someone mentioned splitting the kernel into subsystems and auditing them
> in turn. While this would catch stuff like potential buffer overflows
> incomplete/lacking parameter validations
I honestly think we should, at least at first, concentrate on security-related
issues only. Most of the kernel bugs have very little, if any at all, relation to
security.
Well, if a bug has caused the kernel to crash, you can call it DoS (if a
user can reproduce it).
How many user-controllable buffer overruns do you know have been found
or not yet found in the kernel?
> it won't catch design bugs and
> thinkos in the interaction of the subsystems.
>
I really think these are for the developers to find, don't you agree?
Marc.
Kernel-audit: discussion list for security and the linux kernel
Archive: http://mail.nl.linux.org/kernel-audit/