summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Schwinge <thomas@schwinge.name>2010-11-29 12:21:36 +0100
committerThomas Schwinge <thomas@schwinge.name>2010-11-29 12:21:36 +0100
commit6de855d9a8f8c25ffe6ad118012bd9a74e6c13fe (patch)
tree8dc472f68e0ccc942d94f2aa47bb7320eb99f989
parente3a296dd0399b1fd274f6d1a33c6286509ee6e46 (diff)
open_issues/security: New.
-rw-r--r--open_issues/code_analysis.mdwn31
-rw-r--r--open_issues/locking.mdwn25
-rw-r--r--open_issues/security.mdwn34
-rw-r--r--security.mdwn11
4 files changed, 79 insertions, 22 deletions
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn
new file mode 100644
index 0000000..98447e9
--- /dev/null
+++ b/open_issues/code_analysis.mdwn
@@ -0,0 +1,31 @@
+[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+There is static and dynamic code analysis.
+
+ * [[GCC]]'s warnings. Yes, really.
+
+ * Coccinelle
+
+ * <http://lwn.net/Articles/315686/>
+
+ * <http://www.google.com/search?q=coccinelle+analysis>
+
+ * clang
+
+ * <http://www.google.com/search?q=clang+analysis>
+
+ * Linux' sparse
+
+ * <https://sparse.wiki.kernel.org/>
+
+ * <http://klee.llvm.org/>
+
+ * <http://blog.llvm.org/2010/04/whats-wrong-with-this-code.html>
diff --git a/open_issues/locking.mdwn b/open_issues/locking.mdwn
index 1717133..11a1052 100644
--- a/open_issues/locking.mdwn
+++ b/open_issues/locking.mdwn
@@ -28,26 +28,13 @@ runtime. Or implementing a [[unit testing]] framework that explicitly checks
locking in various code paths. (The latter could serve as a template for
implementing unit tests in other parts of the Hurd codebase...)
-(A systematic code review would probably suffice to find the existing locking
+(A [[systematic code review|security]] would probably suffice to find the
+existing locking
issues; but it wouldn't document the work in terms of actual code produced, and
thus it's not suitable for a GSoC project...)
-This task requires experience with debugging locking issues in multithreaded
-applications.
+This task requires experience with debugging locking issues in
+[[multithreaded|multithreading]] applications.
-Tools have been written for static code analysis, than can help to locate
-and fix such errors.
-
- * Coccinelle
-
- * <http://lwn.net/Articles/315686/>
-
- * <http://www.google.com/search?q=coccinelle+analysis>
-
- * clang
-
- * <http://www.google.com/search?q=clang+analysis>
-
- * Linux' sparse
-
- * <https://sparse.wiki.kernel.org/>
+Tools have been written for automated [[code analysis]]; these can help to
+locate and fix such errors.
diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn
new file mode 100644
index 0000000..055c8bd
--- /dev/null
+++ b/open_issues/security.mdwn
@@ -0,0 +1,34 @@
+[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+There are [[several aspects to security|/security]] that are (mainly) relevant
+to the design space.
+
+There are also security issues in the implemenation space, for example using
+the correct coding paradigms.
+
+Large parts of our code base have not beed audited, either manually or in an
+automated fashion.
+
+[[Unit testing]] is one aspect: testing for reliably failing for invalid input.
+
+[[Code analysis]] is another aspect.
+
+All publically usable interfaces provide attacking targets. This includes all
+[[system call]]s and [[RPC]] interfaces.
+
+Fuzzing techniques can be use for locating possible issues.
+
+ * <http://lwn.net/Articles/414273/>
+
+ * Has already been used in the 70s / 80s (?) for testing [[UNIX]] command
+ line tools.
+
+ * <http://www.ece.cmu.edu/~koopman/ballista/>
diff --git a/security.mdwn b/security.mdwn
index 0e22df0..222c4a6 100644
--- a/security.mdwn
+++ b/security.mdwn
@@ -1,12 +1,13 @@
-[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]
+[[!meta copyright="Copyright © 2007, 2008, 2010 Free Software Foundation,
+Inc."]]
[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
-is included in the section entitled
-[[GNU Free Documentation License|/fdl]]."]]"""]]
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
Alan Karp [identifies][1] 11 security questions:
@@ -58,3 +59,7 @@ Online non-overt channels (both covert & side) are auditory:
Offline non-overt channels are olfactory:
* Bob can smell that Kilroy was here, even if Kilroy is asleep or dead.
+
+---
+
+[[Open Issues related to security|open_issues/security]].