Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <506CB547.9020102@linux.vnet.ibm.com>
Date: Wed, 03 Oct 2012 17:59:35 -0400
From: Corey Bryant <coreyb@...ux.vnet.ibm.com>
To: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>,
        James Morris <jmorris@...ei.org>
CC: Julia Lawall <julia.lawall@...6.fr>, Theodore Tso <tytso@...gle.com>,
        Paul Moore <pmoore@...hat.com>, Eric Paris <eparis@...hat.com>,
        Tyler Hicks <tyhicks@...onical.com>, zohar@...ibm.com,
        john.johansen@...onical.com, Dan Carpenter <dan.carpenter@...cle.com>,
        Fengguang Wu <fengguang.wu@...el.com>
Subject: Re: Re: Linux Security Workgroup



On 10/02/2012 06:17 PM, Kees Cook wrote:
> On Tue, Oct 2, 2012 at 9:44 AM, Corey Bryant <coreyb@...ux.vnet.ibm.com> wrote:
>>
>>
>> On 10/02/2012 12:23 PM, Kees Cook wrote:
>>>
>>> On Thu, Sep 27, 2012 at 12:26 PM, Corey Bryant
>>> <coreyb@...ux.vnet.ibm.com> wrote:
>>>>
>>>> At the Linux Security Summit we began discussing the Linux Security
>>>> Workgroup and some of the efforts that we can focus on.
>>>>
>>>> The charter of the workgroup is to provide on-going security
>>>> verification of Linux kernel subsystems in order to assist in securing
>>>> the
>>>> Linux Kernel and maintain trust and confidence in the security of the
>>>> Linux
>>>> ecosystem.
>>>>
>>>> This may include, but is not limited to, topics such as tooling to assist
>>>> in
>>>> securing the Linux Kernel, verification and testing of critical
>>>> subsystems
>>>> for vulnerabilities, security improvements for build tools, and providing
>>>> guidance for maintaining subsystem security.
>>>
>>>
>>> Thanks for getting this rolling!
>>>
>>> What are the next steps? Does it make sense to try to gather a list of
>>> active projects to try and see where things currently stand? (i.e who
>>> is actively running smatch, trinity, etc?) Or to call attention to a
>>> specific subsystem that needs direct auditing (e.g. KVM)?
>>>
>>> -Kees
>>>
>>
>> No problem, thanks for the input!
>>
>> I think having a list of active projects is a good place to start.
>
> I know Dan Carpenter is running smatch, as well as Fengguang Wu.
> Getting details on which trees are being scanned would be good.
>
> I know Fengguang Wu is running trinity too.
>
> There is a collection of coccinelle scripts in the tree, but I'm not
> sure if/when those are getting run by anyone. Julia, do you know if
> those are being regularly run?
>

Great, thanks for the info.

>> Perhaps we can also add desired projects to this list, and if anyone has
>> cycles to cover a project they can put their name to the project.
>
> I was keeping a list of potential hardening work here:
> https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#Upstream_Hardening
> some of it is out of date.
>

Ok so I guess it doesn't make sense to re-invent these details on 
another wiki.  Although in the long run it may be nice to have 
everything in one place (active projects and desired projects).

>> I'm personally trying to get time allocated to work on KVM fuzzing and/or
>> static analysis in 2013.
>
> Sounds good.
>
>> A wiki probably makes sense for the list.  Google sites has wikis.  I can
>> start one there unless there are other ideas.
>
> Kernel.org hosts wikis as well, and James Morris already has
> http://kernsec.org/. Perhaps we can use that? James, would this be
> something you'd be okay with?

That sounds good to me if it's okay with James.

-- 
Regards,
Corey Bryant

>
> Thanks,
>
> -Kees
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.