Diffstat:

-rw-r--r--  open_issues/code_analysis.mdwn | 31
-rw-r--r--  open_issues/locking.mdwn       | 25
-rw-r--r--  open_issues/security.mdwn      | 34
-rw-r--r--  security.mdwn                  | 11
4 files changed, 79 insertions, 22 deletions
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn new file mode 100644 index 00000000..98447e98 --- /dev/null +++ b/open_issues/code_analysis.mdwn @@ -0,0 +1,31 @@ +[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]] + +[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable +id="license" text="Permission is granted to copy, distribute and/or modify this +document under the terms of the GNU Free Documentation License, Version 1.2 or +any later version published by the Free Software Foundation; with no Invariant +Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license +is included in the section entitled [[GNU Free Documentation +License|/fdl]]."]]"""]] + +There is static and dynamic code analysis. + + * [[GCC]]'s warnings. Yes, really. + + * Coccinelle + + * <http://lwn.net/Articles/315686/> + + * <http://www.google.com/search?q=coccinelle+analysis> + + * clang + + * <http://www.google.com/search?q=clang+analysis> + + * Linux' sparse + + * <https://sparse.wiki.kernel.org/> + + * <http://klee.llvm.org/> + + * <http://blog.llvm.org/2010/04/whats-wrong-with-this-code.html> diff --git a/open_issues/locking.mdwn b/open_issues/locking.mdwn index 1717133a..11a10524 100644 --- a/open_issues/locking.mdwn +++ b/open_issues/locking.mdwn 
@@ -28,26 +28,13 @@ runtime. Or implementing a [[unit testing]] framework that explicitly checks locking in various code paths. (The latter could serve as a template for implementing unit tests in other parts of the Hurd codebase...) -(A systematic code review would probably suffice to find the existing locking +(A [[systematic code review|security]] would probably suffice to find the +existing locking issues; but it wouldn't document the work in terms of actual code produced, and thus it's not suitable for a GSoC project...) -This task requires experience with debugging locking issues in multithreaded -applications. +This task requires experience with debugging locking issues in +[[multithreaded|multithreading]] applications. -Tools have been written for static code analysis, than can help to locate -and fix such errors. - - * Coccinelle - - * <http://lwn.net/Articles/315686/> - - * <http://www.google.com/search?q=coccinelle+analysis> - - * clang - - * <http://www.google.com/search?q=clang+analysis> - - * Linux' sparse - - * <https://sparse.wiki.kernel.org/> +Tools have been written for automated [[code analysis]]; these can help to +locate and fix such errors. diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn new file mode 100644 index 00000000..055c8bdc --- /dev/null +++ b/open_issues/security.mdwn 
@@ -0,0 +1,34 @@ +[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]] + +[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable +id="license" text="Permission is granted to copy, distribute and/or modify this +document under the terms of the GNU Free Documentation License, Version 1.2 or +any later version published by the Free Software Foundation; with no Invariant +Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license +is included in the section entitled [[GNU Free Documentation +License|/fdl]]."]]"""]] + +There are [[several aspects to security|/security]] that are (mainly) relevant +to the design space. + +There are also security issues in the implemenation space, for example using +the correct coding paradigms. + +Large parts of our code base have not beed audited, either manually or in an +automated fashion. + +[[Unit testing]] is one aspect: testing for reliably failing for invalid input. + +[[Code analysis]] is another aspect. + +All publically usable interfaces provide attacking targets. This includes all +[[system call]]s and [[RPC]] interfaces. + +Fuzzing techniques can be use for locating possible issues. + + * <http://lwn.net/Articles/414273/> + + * Has already been used in the 70s / 80s (?) for testing [[UNIX]] command + line tools. + + * <http://www.ece.cmu.edu/~koopman/ballista/> diff --git a/security.mdwn b/security.mdwn index 0e22df00..222c4a68 100644 --- a/security.mdwn +++ b/security.mdwn 
@@ -1,12 +1,13 @@ -[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]] +[[!meta copyright="Copyright © 2007, 2008, 2010 Free Software Foundation, +Inc."]] [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable id="license" text="Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license -is included in the section entitled -[[GNU Free Documentation License|/fdl]]."]]"""]] +is included in the section entitled [[GNU Free Documentation +License|/fdl]]."]]"""]] Alan Karp [identifies][1] 11 security questions: @@ -58,3 +59,7 @@ Online non-overt channels (both covert & side) are auditory: Offline non-overt channels are olfactory: * Bob can smell that Kilroy was here, even if Kilroy is asleep or dead. + +--- + +[[Open Issues related to security|open_issues/security]]. |
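Review bot: in the new open_issues/code_analysis.mdwn, the opening line distinguishes static from dynamic analysis but the list that follows never says which entry is which, and two of the entries are Google search queries rather than references. Group the tools (GCC warnings, Coccinelle, clang's analyzer and sparse are static; KLEE is symbolic execution, which actually executes paths of the code) and replace the search links with the projects' own pages. For the "GCC's warnings. Yes, really." entry, naming the warning set that is meant (at least `-Wall -Wextra`, with `-Werror` in an automated build so regressions are caught) turns the remark into something a contributor can act on.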
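Review bot: in the open_issues/locking.mdwn hunk, the new sentence promises that the tools "help to locate and fix such errors", but static analysis only locates them; the fix stays manual, so "help to locate such errors" is the accurate wording. Moving the tool list to [[code analysis]] also drops the only locking-specific pointer this page had; keep one line here noting what actually targets locking, e.g. sparse's context annotations (`__acquires`, `__releases`, `__must_hold`), which let it flag a code path that returns with a lock still held or releases one it never took. Finally, the relative wikilink `[[systematic code review|security]]` depends on ikiwiki resolving "security" from open_issues/ to the new open_issues/security page rather than the top-level security page; worth confirming after the rebuild.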
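Review bot: the new open_issues/security.mdwn carries several typos: "implemenation" (implementation), "beed" (been), "publically" (publicly) and "can be use" (can be used); "testing for reliably failing for invalid input" would read better as "checking that invalid input is rejected reliably". The "(?)" after "used in the 70s / 80s" can be resolved: the systematic fuzz testing of UNIX command line tools is Miller, Fredriksen and So, "An Empirical Study of the Reliability of UNIX Utilities" (Communications of the ACM, December 1990), with the experiments run in 1988 and 1989, so "late 1980s" is the accurate wording. The sentence that every public interface is an attacking target would be stronger with its consequence spelled out: each [[system call]] and [[RPC]] handler is reached by untrusted callers and must validate its arguments before using them, and that validation is exactly what the [[unit testing]] and fuzzing bullets should exercise.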
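Review bot: in the first security.mdwn hunk, the change to the license block only reflows "is included in the section entitled [[GNU Free Documentation License|/fdl]]" without changing any words; mixing a whitespace-only rewrap into a commit that also adds the 2010 copyright year and new content makes the substantive change harder to pick out in `git blame` and review. Keep the original wrapping, or put the reflow in a separate commit.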
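Review bot: the trailer added in the second security.mdwn hunk is a bare link under a horizontal rule with no lead-in, at the end of a page that is otherwise about design-space questions; a short sentence such as "Open implementation-level issues are collected at [[open_issues/security]]." (or a "See also" line, if the site uses them) tells the reader why the link is there and how it relates to the design questions above.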