-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Adrian Bunk wrote:
> On Mon, Jan 17, 2005 at 02:47:32AM -0500, John Richard Moser wrote:
> 

[...]

> 
> What exactly do you want to audit for?
> 

Security holes

> If it's only for "ordinary" bugs, that's simply not feasible.
> The amount of patches going into 2.6 is currently at about 3 MB every 
> week. You can hardly keep up with all of that - and even if you were 
> able to do so, some theoretically correct patch might break in practice 
> due to hardware bugs or bugs in some toolchain.
> 

Understood.

> Regarding security audits:
> They aren't a bad idea, and not bound to new patches - much legacy code 
> in the kernel has for sure more bugs than new code. The linux-kernel way 
> for such a project is not to scream "We need SOMETHING" - the 
> linux-kernel way is that you start with the work to get the ball rolling 
> (and if other people are interested to work in the same area, give them 
> some guidance).
> 

I'm nowhere near being able to actually do a security audit.  I
understand what an audit is, I understand what causes vulnerabilities,
but I'd probably only be able to see the most obvious things (like
strcpy(a,"Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") into a[4]).

If I had a few more years of experience, college out of the way, a good
job, and had some of my other projects moving along, maybe. . . .

> cu
> Adrian
> 

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFB6/61hDd4aOud5P8RAiTiAJ4jUrPCHj3f+NT5RsgKUGUXO4PSGQCfXW3E
SWJkAfcoqcbW9hD2Ew33R18=
=hnty
-----END PGP SIGNATURE-----