Hi Dawson,
Excellent project.
Can I suggest that you check for signedness issues? A typical signature of
a signedness problem is:
int i = get_from_userspace_somehow();
/* Sanity check i */
if (i > MAX_LEN_FOR_I)
goto bad_bad_out;
/* Bug here!! i can be negative! */
I suspect you find a lot of these sort of errors. I've already nailed a
few.
Cheers
Chris
On Fri, 13 Apr 2001, Dawson Engler wrote:
>
> We're looking at making a set of security checkers. Does anyone have
> suggestions for good things to go after in addition to the usual
> copy_*_user and buffer overrun bugs? For example, are there any
> documents that describe the rules for when/how 'capable' is supposed to
> be used?
>
> Thanks for any help,
> Dawson
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Apr 15 2001 - 21:00:21 EST