On 05/12/2015 02:04 AM, a...@keemail.me wrote:
Hello!
I'm interested in the security audit performed by Solar Designer in
2005, which is mentioned in the "Security" section of the openvz website.
Is there a reason why it's still not publicly available?
It was never meant to be released to the general public, it was an
internal audit.
Having said, I can share some details I do remember. It was OpenVZ
2.6.8-based kernel,
and Solar used a few different techniques, both advanced (like fuzzy
syscall testing) and
simple (good ol' source code reading). He was able to find one bug
specific to OpenVZ,
which was immediately fixed, and three security vulnerabilities that
were not
OpenVZ-specific and came from the upstream kernel -- those were also
reported,
fixed in upstream and backported to our kernel. That's pretty much it.
Note Solar also uses OpenVZ kernels in Openwall GNU/*/Linux distro
(http://www.openwall.com/Owl/).
Kir.
_______________________________________________
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users