From eccf2986513cc41c412b1c30aa5dcb88a4c981b5 Mon Sep 17 00:00:00 2001
From: Thomas Schwinge
Date: Mon, 29 Nov 2010 07:58:51 +0100
Subject: Add links to some LWN articles, and then some.
---
 open_issues/locking.mdwn | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 open_issues/locking.mdwn
(limited to 'open_issues/locking.mdwn')
diff --git a/open_issues/locking.mdwn b/open_issues/locking.mdwn
new file mode 100644
index 00000000..1717133a
--- /dev/null
+++ b/open_issues/locking.mdwn
@@ -0,0 +1,53 @@
+[[!meta copyright="Copyright © 2008, 2009, 2010 Free Software Foundation,
+Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+[[!tag open_issue_hurd]]
+
+Every now and then, new locking issues are discovered in
+[[hurd/libdiskfs]] or [[hurd/translator/ext2fs]], for example. Nowadays
+these in fact seem to be the most often encountered cause of Hurd crashes
+/ lockups.
+
+One of these could be traced
+recently, and turned out to be a lock inside [[hurd/libdiskfs]] that was taken
+and not released in some cases. There is reason to believe that there are more
+faulty paths causing these lockups.
+
+The task is systematically checking the [[hurd/libdiskfs]] code for this kind of locking
+issues. To achieve this, some kind of test harness has to be implemented: For
+example instrumenting the code to check locking correctness constantly at
+runtime. Or implementing a [[unit testing]] framework that explicitly checks
+locking in various code paths. (The latter could serve as a template for
+implementing unit tests in other parts of the Hurd codebase...)
+
+(A systematic code review would probably suffice to find the existing locking
+issues; but it wouldn't document the work in terms of actual code produced, and
+thus it's not suitable for a GSoC project...)
+
+This task requires experience with debugging locking issues in multithreaded
+applications.
+
+Tools have been written for static code analysis, than can help to locate
+and fix such errors.
+
+ * Coccinelle
+
+ *
+
+ *
+
+ * clang
+
+ *
+
+ * Linux' sparse
+
+ *
-- 
cgit v1.2.3
From 6de855d9a8f8c25ffe6ad118012bd9a74e6c13fe Mon Sep 17 00:00:00 2001
From: Thomas Schwinge
Date: Mon, 29 Nov 2010 12:21:36 +0100
Subject: open_issues/security: New.
---
 open_issues/code_analysis.mdwn | 31 +++++++++++++++++++++++++++++++
 open_issues/locking.mdwn | 25 ++++++-------------------
 open_issues/security.mdwn | 34 ++++++++++++++++++++++++++++++++++
 security.mdwn | 11 ++++++++---
 4 files changed, 79 insertions(+), 22 deletions(-)
 create mode 100644 open_issues/code_analysis.mdwn
 create mode 100644 open_issues/security.mdwn
(limited to 'open_issues/locking.mdwn')
diff --git a/open_issues/code_analysis.mdwn b/open_issues/code_analysis.mdwn
new file mode 100644
index 00000000..98447e98
--- /dev/null
+++ b/open_issues/code_analysis.mdwn
@@ -0,0 +1,31 @@
+[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+There is static and dynamic code analysis.
+
+ * [[GCC]]'s warnings. Yes, really.
+
+ * Coccinelle
+
+ *
+
+ *
+
+ * clang
+
+ *
+
+ * Linux' sparse
+
+ *
+
+ *
+
+ *
diff --git a/open_issues/locking.mdwn b/open_issues/locking.mdwn
index 1717133a..11a10524 100644
--- a/open_issues/locking.mdwn
+++ b/open_issues/locking.mdwn
@@ -28,26 +28,13 @@ runtime. Or implementing a [[unit testing]] framework that explicitly checks
 locking in various code paths. (The latter could serve as a template for
 implementing unit tests in other parts of the Hurd codebase...)
 
-(A systematic code review would probably suffice to find the existing locking
+(A [[systematic code review|security]] would probably suffice to find the
+existing locking
 issues; but it wouldn't document the work in terms of actual code produced, and
 thus it's not suitable for a GSoC project...)
 
-This task requires experience with debugging locking issues in multithreaded
-applications.
+This task requires experience with debugging locking issues in
+[[multithreaded|multithreading]] applications.
 
-Tools have been written for static code analysis, than can help to locate
-and fix such errors.
-
- * Coccinelle
-
- *
-
- *
-
- * clang
-
- *
-
- * Linux' sparse
-
- *
+Tools have been written for automated [[code analysis]]; these can help to
+locate and fix such errors.
diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn
new file mode 100644
index 00000000..055c8bdc
--- /dev/null
+++ b/open_issues/security.mdwn
@@ -0,0 +1,34 @@
+[[!meta copyright="Copyright © 2010 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+There are [[several aspects to security|/security]] that are (mainly) relevant
+to the design space.
+
+There are also security issues in the implemenation space, for example using
+the correct coding paradigms.
+
+Large parts of our code base have not beed audited, either manually or in an
+automated fashion.
+
+[[Unit testing]] is one aspect: testing for reliably failing for invalid input.
+
+[[Code analysis]] is another aspect.
+
+All publically usable interfaces provide attacking targets. This includes all
+[[system call]]s and [[RPC]] interfaces.
+
+Fuzzing techniques can be use for locating possible issues.
+
+ *
+
+ * Has already been used in the 70s / 80s (?) for testing [[UNIX]] command
+ line tools.
+
+ *
diff --git a/security.mdwn b/security.mdwn
index 0e22df00..222c4a68 100644
--- a/security.mdwn
+++ b/security.mdwn
@@ -1,12 +1,13 @@
-[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]
+[[!meta copyright="Copyright © 2007, 2008, 2010 Free Software Foundation,
+Inc."]]
 
 [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
 id="license" text="Permission is granted to copy, distribute and/or modify this
 document under the terms of the GNU Free Documentation License, Version 1.2 or
 any later version published by the Free Software Foundation; with no Invariant
 Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
-is included in the section entitled
-[[GNU Free Documentation License|/fdl]]."]]"""]]
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
 
 Alan Karp [identifies][1] 11 security questions:
 
@@ -58,3 +59,7 @@ Online non-overt channels (both covert & side) are auditory:
 Offline non-overt channels are olfactory:
 
  * Bob can smell that Kilroy was here, even if Kilroy is asleep or dead.
+
+---
+
+[[Open Issues related to security|open_issues/security]].
-- 
cgit v1.2.3