Linux Security Summit 2012/Abstracts/Cook

From Linux Kernel Security Subsystem
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Title

Finding kernel vulnerabilities using Coccinelle

Presenter

Kees Cook, Google

Abstract

The "spatch" tool gets a lot of use in the kernel already for making wide changes, or for finding bugs and anti-patterns. Finding security flaws is, of course, also possible. This presentation will show how several Coccinelle rules were developed and used in finding various kernel vulnerabilities both large (CVE-2010-2962, CVE-2010-2963) and small (CVE-2010-4655, CVE-2010-4656). Finally, we will open a discussion on how to continue to expand the corpus and keep it running against new kernel releases.

Slides

[1]