Re: [Debian-audit] Fuzz testing?

From: Javier Fernández-Sanguino Peña <jfs_at_debian.org>
Date: Fri, 11 Mar 2005 23:51:41 +0100

On Fri, Mar 11, 2005 at 07:32:12PM +0000, Steve Kemp wrote:
>
> I'm thinking that it would be nice to get more direction in the
> auditing, as that's something that has been lacking up till now.

Yes, agreed.

> I think that there are a couple of areas that could be approached
> in a directed fashion:
>
> * Command line overflows, via fuzz testing.
> * Rebuilding the archive with the perl scanning modules distributed here.

What do you mean by this last one? Do you mean setting up a buildd daemon
and running Rats/Flawfinder over the packages' code?

> * Looking at CGI parameter passing.
> * SQL injection attacks, PHP especially.
> * Insecure execution via popen/system.
>
> I'm thinking that right now the first one should be almost painless
> to test against given enough time and enough disk space. There exist
> several tools to automatically invoke applications with "random"
> arguments and look for crashes.

I can provide disk space and my system is not doing anything CPU intensive.
I also hold a local Debian mirror at home.

> The other ones could be tested for fairly easily too, albeit doing
> all the programs would be a considerable effort.

Well, I actually did do the work for running Rats/Flawfinder against the
whole archive, and still have the result (~1G of data). The problem is, the
results are not really that useful: too many false positives. It could be
useful if set up in a way similar to lintian.debian.org as a service to the
community, i.e. making all the reports public so developers can review
them.

> Does anybody want to volunteer to work with me in a specific area,
> or have any suggestions for new things to look at?

Sure, I can volunteer. I've had some experience with setting up my own
buildd at home and can offer my local system for the crunching of stuff;
data could then be moved over to some other place for review.

Regards

Javier

Received on Fri Mar 11 2005 - 22:51:44 GMT
