From owner-kernel-audit@nl.linux.org Wed Feb  7 19:24:32 2001
Received: by humbolt.nl.linux.org id <S92269AbRBGSXE>;
	Wed, 7 Feb 2001 19:23:04 +0100
Received: from terra.geo.uu.nl ([131.211.29.16]:24572 "EHLO terra.geo.uu.nl")
	by humbolt.nl.linux.org with ESMTP id <S92192AbRBGSWe>;
	Wed, 7 Feb 2001 19:22:34 +0100
Received: from polaris.net (nexus.polaris.net [199.44.34.2])
	by terra.geo.uu.nl (8.9.3/8.9.3/TvZ) with ESMTP id TAA18113
	for <kernel-audit@humbolt.nl.linux.org>; Wed, 7 Feb 2001 19:22:32 +0100 (MET)
Received: from localhost by polaris.net (8.9.2/8.7.6) with SMTP id NAA08811 for <kernel-audit@humbolt.nl.linux.org>; Wed, 7 Feb 2001 13:22:21 -0500 (EST)
Date:   Wed, 7 Feb 2001 13:22:20 -0500 (EST)
From:   "E. Ratliff" <ratliff@polaris.net>
To:     kernel-audit@nl.linux.org
Subject: Update and place to start
Message-ID: <Pine.GS4.4.00.10102071306110.1009-100000@nexus.polaris.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-kernel-audit@nl.linux.org
Precedence: bulk
Return-Path: <owner-kernel-audit@nl.linux.org>
X-Orcpt: rfc822;kernel-audit-list

Hi,

The source for 2.4.0 has been put into CVS on sourceforge. It will be
updated to 2.4.1 soon. I have run some of the tools against the code and
am putting the generated output in the "reports" module in CVS.
its4.report is there currently. ITS4 has a database of known
vulnerabilities and scans the code for them. It points out risky code, but
that doesn't necessarily mean that the code is buggy or vulnerable.
Nevertheless, it points out good places to begin auditing, so if you are
considering auditing some code and are looking for a good place to start,
pick a file that has an area marked "Urgent" or "Very Risky".

cccc is also an interesting tool, but I am not sure how much use it will
be. (As an aside, it has been running for 18 hours and has not yet
completely analyzed the kernel source.) It does output intermediate
results, and so far it says that McCabe's Cyclomatic Number is 37470. I
found a document that says that anything over 50 is considered extremely
risky and untestable, so I tried running cccc against some other source.
Of the code that I tested, Dan Bernstein's publicfile has the lowest value
at 385. Postfix has a value of 6612. Bind is 4427. Bernstein's djbdns is
3029. Interestingly enough, Postfix has more than one comment per line of
code, while Bernstein's code has about 50 lines of code per comment. So
while it is a fun tool, do you have any insight on how exactly to use this
tool to help audit the source? (All of these other runs completed within a
few seconds.)

I will upload parts of the cccc output when the tool has completed its
run.

Happy auditing,

E.

E. Ratliff
ratliff@polaris.net


Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/
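
Added example (not part of the original message, and not ITS4's or cccc's code): one way to turn a complexity metric into an audit order is to compute the cyclomatic number per function, the unit to which the commonly cited thresholds apply, and to rank functions that also contain risky calls first. The regex-based function splitter, the short risky-call list and the sample C source are assumptions constructed for this example.

```python
import re

# Constructed sample C source for the demonstration (not from the kernel tree).
SAMPLE = r'''
static int copy_name(char *dst, const char *src, int len)
{
    char tmp[32];
    if (!dst || !src)
        return -1;
    if (len > 0 && len < 32) {
        strcpy(tmp, src);              /* unbounded copy into tmp */
        for (int i = 0; i < len; i++)
            dst[i] = tmp[i] ? tmp[i] : ' ';
    }
    return 0;
}

static int add(int a, int b) { return a + b; }
'''

# Comments, string and character literals are blanked so they cannot add counts.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
DECISION = re.compile(r'\b(?:if|for|while|case)\b|&&|\|\||\?')
# Illustrative stand-in for a scanner's risky-call database (not ITS4's list).
RISKY = re.compile(r'\b(strcpy|strcat|sprintf|gets)\s*\(')
FUNC_HEAD = re.compile(r'\b(?!(?:if|for|while|switch)\b)([A-Za-z_]\w*)\s*\([^;{}()]*\)\s*\{')

def functions(src):
    """Yield (name, body) for each top-level function, using brace matching."""
    pos = 0
    while (m := FUNC_HEAD.search(src, pos)):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i]
        pos = i

def audit_order(src):
    """Return (name, cyclomatic number, risky calls), most urgent first."""
    rows = []
    for name, body in functions(NOISE.sub(' ', src)):
        ccn = 1 + len(DECISION.findall(body))   # decision points + 1
        rows.append((name, ccn, sorted(set(RISKY.findall(body)))))
    return sorted(rows, key=lambda r: (bool(r[2]), r[1]), reverse=True)

if __name__ == "__main__":
    for name, ccn, risky in audit_order(SAMPLE):
        print(f"{name:12} ccn={ccn:<3} risky={risky}")
```

A whole-tree total is the sum of these per-function values, so it grows with code size; the per-function ranking is what points at specific code to read first.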

