Date: Fri, 9 Jun 2000 15:06:13 -0500 (CDT)
From: Bryan Paxton <evil7@bellsouth.net>

> The purpose of this project is self-explanatory. It's an attempt to
> audit the Linux kernel for any security vulnerabilities and/or holes
> and/or possible vulnerabilities and/or possible holes, and of course
> without adding more bugs or drawbacks to the existing.

Great! I'm glad someone is going to organize a security audit of the
kernel. In the userspace we can take advantage of the security audits
done by others, including OpenBSD, but in the kernel area we have to do
it ourselves.

> I feel that this project should have been done a long time ago, not
> to imply that the Linux kernel is insecure, but a case in which this
> project would've helped would be the setuid() hole found on June 7
> which affected all 2.2.x kernels. This bug was patched in a matter of
> hours (isn't open source great!).

Actually, for the record, Wojciech Purczynski (wp@elzabsoft.pl)
contacted me and a few others on May 26th concerning the exploit.
Things were kept quiet for a week or two while a number of developers
discussed the best way of fixing the hole behind the scenes, and to give
various Linux vendors a chance to have patched kernels ready in time for
the public announcement of the hole on June 7th.

- Ted