Difference between revisions of "Inactive Projects"

From Linux Kernel Security Subsystem
Jump to: navigation, search
(New page: There are a number of desired Linux Kernel hardening projects that are inactive and do not have an owner. This page gives details on some of them. If you are already contributing, or pla...)
 
m
Line 1: Line 1:
There are a number of desired Linux Kernel hardening projects that are inactive and do not have an owner.  This page gives details on some of them.  If you are already contributing, or plan to contribute, to one of these projects, please email the kernel-hardening mailing list at kernel-hardening@lists.openwall.com and mention what you're covering.
+
There are a number of desired Linux Kernel hardening projects that are inactive and do not have an owner.  This page gives details on some of them.  If you plan to contribute (or are already contributing) to one of these projects, please email the kernel-hardening mailing list at kernel-hardening@lists.openwall.com and mention what you're covering.
  
 
= Process Improvements =
 
= Process Improvements =

Revision as of 21:22, 12 November 2012

There are a number of desired Linux Kernel hardening projects that are inactive and do not have an owner. This page gives details on some of them. If you plan to contribute (or are already contributing) to one of these projects, please email the kernel-hardening mailing list at kernel-hardening@lists.openwall.com and mention what you're covering.

Process Improvements

Security Code Review Guidelines

This project is an effort to provide a reference that educates subsystem maintainers on what to look for when performing security reviews/audits. This would include various classes of common coding vulnerabilities and how to detect them, as well as other best practices, such as not leaving private keys laying around.

Patch Signing

This project would provide support to determine if patches have been modified or tampered since they were signed.

Verification of Critical Subsystems

This project would provide verification of critical subsystems such as:

  • Networking
  • Network file systems
  • KVM
  • Cryptographic library
  • Kernel build infrastructure

This could include approaches such as manual audits, static analysis, fuzzing testing, etc.