[2348] in linux-security and linux-alert archive
[linux-security] Mission statement for LKAP(Linux Kernel Auditing Project)
daemon@ATHENA.MIT.EDU (Bryan Paxton)
Sat Jun 10 13:39:00 2000
From: Bryan Paxton <evil7@bellsouth.net>
X-Reply-To: evil7@bellsouth.net
To: securedistros@nl.linux.org, security-audit@ferret.lmh.ox.ac.uk,
lwn@lwn.net, linux-security@redhat.com, seifried@securityportal.com,
BUGTRAQ@SECURITYFOCUS.COM
Date: Fri, 9 Jun 2000 00:43:30 -0500
Content-Type: text/plain
Cc: kernel-audit@nl.linux.org, kernelnewbies@humbolt.nl.linux.org
MIME-Version: 1.0
Message-Id: <00060900513906.01508@sQa.speedbros.org>
Content-Transfer-Encoding: quoted-printable
Resent-From: linux-security@redhat.com
######################### kernel auditing project ###########################
This is a mission statement for a project under way and ready to get going.
The Linux kernel auditing project (LKAP).
The purpose of this project is self-explanatory. It's an attempt to audit
the Linux kernel for any security vulnerabilities and/or holes and/or
possible vulnerabilities and/or possible holes, and of course without
adding more bugs or drawbacks to the existing kernels. The suggested
kernels to be audited are 2.0.x kernel series, 2.2.x kernel series, and
the 2.3.x/2.4.x kernel series.
The group and its work shall be dealt and worked with via a mailing list.
How to subscribe:
echo subscribe kernel-audit | mail majordomo@nl.linux.org
I feel that this project should have been done a long time ago, not to
imply that the Linux kernel is insecure, but for example the setuid() hole
found on June 7 which affected all 2.2.x kernels. This bug was patched in
a matter of hours (isn't open source great!). But here's the point, the
flaw/function/hole should _NOT_ have existed in the first place. Which is
where this project comes into place.
There are a few things that differ in this project compared to a few
others that are similar.
1) To audit the kernel src code without affecting/breaking/disrupting any
other part of the kernel. These will not be additional patches you can
download (add-ons). This auditing is dealing with the current code in the
src, not adding or implementing new functions.
2) To educate kernel developers/hackers on how to securely write code. It
is my hope that kernel developers/hackers new and old will subscribe and
post to this mailing list with questions and share information, and to
simply get help with their code (e.g.: "Could this function() cause a
possible security hole or lead to an exploit?"). This is the true power of
open source and GNU/Linux.
3) To be ahead of the game... A perfect example of this are certain
proprietary Operating Systems who sit around and wait for a security bug
to come to them and not go to the bug themselves. Of course this needs no
explanation as to why this never works. I feel that kernel
developers/hackers are down to earth and pretty logical people and realize
that Linux is _NOT_ perfect, that a lot of the code they write, submit,
and gets plugged into the kernel is not flawless and more than likely
could be improved for security reasons.
4) To provide an operating system to the public. I want to see a Linux
where the sysadmin doesn't have to watch his back all the time in fear of,
say, some new knfsd exploit or a way to fork()bomb his/her router via a
simple mistake in buffer.c.
5) To provide a safe Linux to the end-user. Linux is slowly but surely
becoming a choice for the desktop user. Most of these users are walking
into Linux with no knowledge of what potential dangers lie at their
fingertips and in their hard drive. Linux has proven to be one of the most
secure operating systems, but I feel as Linux becomes more popular with
the general public this will change, that more kernel security holes and
exploits will arise from nowhere and give us a very unpleasant reality
check.
And at last, this will be no easy project, security auditing never is.
It takes manpower, skill, and just plain aching time. But I believe if the
community of gets together on this one, nothing will stop us and Linux
will go on to become the #1 security-wise operating system to this date.
Sincerely
Bryan Paxton
How to subscribe:
echo subscribe kernel-audit | mail majordomo@nl.linux.org