os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/auditors.sgml
Alexey Zelkin 52e75b9c1a get rid of duplicate $FreeBSD$ line. &date; entity is more appropriate 
here than expanded $FreeBSD$ tag.
2001-07-16 16:15:20 +00:00

743 lines
19 KiB
Text
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$FreeBSD: www/en/auditors.sgml,v 1.32 2001/07/13 12:52:11 dd Exp $">
<!ENTITY title "FreeBSD Source Auditing Project">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<html>
&header;
<h1>General Information</h1>
<em>&date;</em>
<h2>Overview</h2>
<p>In light of our recent (and still ongoing) security concerns, it has
become rather obvious that nothing less than a rigorous and
comprehensive security review of the FreeBSD source tree will enable us
to really have much confidence in the security of our operating system,
an OS that many have come increasingly to rely upon and must be made
more than reasonably secure if they are to continue to be able to do
so.</p>
<p>The sheer amount of legacy code & code from outside sources in FreeBSD
also makes it especially easy for security holes to go unnoticed until
it's rather too late, and no truly large-scale attempt has been made up
to this point to really go through the codebase with a specific focus on
security issues, that being a rather big project and most FreeBSD
developers being more than busy enough elsewhere. This situation must
now change, however, if we are to remain the kind of operating system
that people can continue to rely upon as the Internet continues to grow
and (I suspect) become an ever-more hostile environment for improperly
protected systems. Proper security is something of a cooperative
arrangement between the local administrator and the OS vendor, and this
"OS vendor" needs to do its part.</p>
<p>The core team's first step in becoming more serious about security was
to bring the project's security officer, <a
href="mailto:guido@FreeBSD.org">Guido van Rooij</a>, into the team so
that one of the "voices at the table" would have security as his primary
mandate and representation in all the important security mailing lists
external to the FreeBSD Project. He will also keep the rest of us in
core much more aware of security concerns as they arise, hopefully not
to be taken quite so by surprise as we have a few times in the past.</p>
<p>Our second step will be this audit, an attempt to methodically go
through every line of source in FreeBSD looking for obvious buffer
overflows (sprintf()/strcpy() vs snprintf()/strncpy() and so on), less
obvious security holes, instances of insufficiently defensive coding,
amusing comment strings to forward to freebsd-chat, whatever we run
across.</p>
<p>Using the
<a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/development/FreeBSD-CVS/CVSROOT/modules">
modules database</a> as an outline, we will split the source tree into
more manageable pieces, keeping a sign-up sheet in a prominent place so
that people can see which modules are covered and which are not. A
carefully selected team of individuals is now also being formed, that
team being composed of "auditors" and "reviewers" (most members of the
team being both). An auditor has principle responsibility, which may be
shared with another auditor, for actually going through the code and
looking for security holes and/or bugs. Once a reasonable pile of diffs
have been accumulated, assuming that any problems were found, they are
send to one or more reviewers who are responsible for giving the changes
another once-over and, if the auditor does not have commit privileges,
to actually commit the changes when & if they're deemed acceptable.</p>
<h2>Requirements:</h2>
<p>In order to be an auditor, you should either have commit privileges on
<em>freefall.FreeBSD.org</em> or an arrangement with another
auditor/reviewer who does. You should also be running or have immediate
access to <a
href="handbook/cutting-edge.html#CURRENT">FreeBSD-current</a> sources
since all of our changes will be made relative to that branch and then
brought back (as necessary) into the <strong>2.1</strong> and
<strong>2.2</strong> branches.</p>
<p>What to look for and what the general rules to follow are is
sufficiently complex that I have turned it into a <a
href="security/security.html">FreeBSD Security Guide</a>. Please read
this now if you haven't already. Other excellent documents are the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">Secure
Programming Checklist</a> and the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist">Unix
Security Checklist</a>, both available from AUSCERT.</p>
<h2>Sign-Up sheet:</h2>
<p>Here is the sign-up sheet as it sits so far. This is *very* skeletal
at this stage, given that we've just now started, and as people indicate
which module(s) they're willing to either audit or review, we'll fill it
in. If this tabular format also becomes unwieldy as it fills up, we can
change it or put it on a web page or something. :) I've left some sample
entries open just as place-holders, and they in no way imply that
someone has to be willing to pick up pieces that large.</p>
<p>Anything in the modules database represents a potential auditing target
- from ones as small as "cat" to ones as large as "lib", the most
important being that people bite off pieces no larger than they think
they can chew. If you take 15 things onto your plate and deal with only
5, you're not doing anyone any favors since the other auditors will be
assuming that the other 10 items are handled!</p>
To sign up for something, please send mail to <a
href="mailto:jmb@FreeBSD.org"> jmb@FreeBSD.org</a>.
<p></p>
<table border="2" CELLPADDING="3">
<tr>
<th>Module</th>
<th>Auditor(s)</th>
<th>Reviewer(s)</th>
<th>Status</th>
</tr>
<tr>
<td><a href="mailto:audit-bin@FreeBSD.ORG">bin</a></td>
<td><a href="mailto:adrian@psinet.net.au">ac</a>
<a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:guido@FreeBSD.org">gvr*</a>
<a href="mailto:jehamby@lightside.com">jh</a>
<a href="mailto:top@bird.cris.net">ka</a>
<a href="mailto:mudge@l0pht.com">mu</a>
<a href="mailto:vadim@tversu.ac.ru">vk</a></td>
<td><a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto:jmb@FreeBSD.org">jmb*</a>
<a href="mailto:dillon@best.net">md*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-contrib@FreeBSD.ORG">contrib</a></td>
<td><a href="mailto:gryphon@healer.com">cg</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-eBones@FreeBSD.ORG">eBones</a></td>
<td><a href="mailto:mark@grondar.za">mrvm*</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-games@FreeBSD.ORG">games</a></td>
<td><a href="mailto:aaronb@j51.com">ab</a>
<a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:xaa@stack.nl">xaa</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-init@FreeBSD.ORG">init</a></td>
<td><a href="mailto:giles@nemeton.com.au">gl</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-lib@FreeBSD.ORG">lib</a></td>
<td><a href="mailto:apk@itl.waw.pl">ak</a>
<a href="mailto:nordquist@platinum.com">bjn</a>
<a href="mailto:pst@FreeBSD.org">pst*</a></td>
<td><a href="mailto:davidg@FreeBSD.org">dg*</a>
<a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto:jkh@FreeBSD.org">jkh*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-libc@FreeBSD.ORG">libc</a></td>
<td><a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:mudge@l0pht.com">mu</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-libexec@FreeBSD.ORG">libexec</a></td>
<td><a href="mailto:henrich@crh.cl.msu.edu">crh</a>
<a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto:msr@cuc.com">mr</a>
<a href="mailto:witr@rwwa.com">witr</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a> </td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-lkm@FreeBSD.ORG">lkm</a></td>
<td><a href="mailto:obrien@NUXI.com">dob*</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-sbin@FreeBSD.ORG">sbin</a></td>
<td><a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto:roberto@keltia.freenix.fr">or*</a>
<a href="mailto:taob@risc.org">tao</a></td>
<td><a href="mailto:jmb@FreeBSD.org">jmb*</a>
<a href="mailto:dillon@best.net">md*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-secure@FreeBSD.ORG">secure</a></td>
<td><a href="mailto:tenser@spitfire.ecsel.psu.edu">dc</a>
<a href="mailto:mark@grondar.za">mrvm*</a></td>
<td><a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-telnetd@FreeBSD.ORG">telnetd</a></td>
<td><a href="mailto:adrian@psinet.net.au">ac</a>
<a href="mailto:davidn@labs.usn.blaze.net.au">dn</a></td>
<td><a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-usr.bin@FreeBSD.ORG">usr.bin</a></td>
<td><a href="mailto:bob@luke.pmr.com">bob</a>
<a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:jha@cs.purdue.edu">jha</a>
<a href="mailto:mollers.pad@sni.de">jm</a>
<a href="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">ky*</a>
<a href="mailto:rbezuide@oskar.nanoteq.co.za">rb</a>
<a href="mailto:rajivd@sprynet.com">rd</a>
<a href="mailto:rjk@grauel.com">rjk</a>
<a href="mailto:vadim@tversu.ac.ru">vk</a></td>
<td><a href="mailto:dillon@best.net">md*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
<tr>
<td><a href="mailto:audit-usr.sbin@FreeBSD.ORG">usr.sbin</a></td>
<td><a href="mailto:eivind@FreeBSD.org">ee*</a>
<a href="mailto:ejc@gargoyle.bazzle.com">ejc</a>
<a href="mailto:giles@nemeton.com.au">gl</a>
<a href="mailto:imp@FreeBSD.org">imp*</a>
<a href="mailto:mollers.pad@sni.de">jm</a>
<a href="mailto:marcs@znep.com">marc</a>
<a href="mailto:rajivd@sprynet.com">rd</a></td>
<td><a href="mailto:dillon@best.net">md*</a>
<a href="mailto: guido@FreeBSD.org">gvr*</a></td>
<td>Open</td>
</tr>
</table>
<h2>Auditor/Reviewer keys</h2>
<p>This is the list of people who have volunteered to participate as
auditors or reviewers in this process. They may also be reached
collectively by sending mail to the <a
href="mailto:auditors@FreeBSD.org">auditors@FreeBSD.org</a> alias at
times when it is appropriate to send mail to all auditors. If you wish
to reach just the auditors & reviewers for a specific category, say
<strong>usr.sbin</strong> for example, then you would send mail to <a
href="mailto:audit-usr.sbin@FreeBSD.org">audit-<strong>usr.sbin</strong>@FreeBSD.org</a>.</p>
<table cellpadding="2">
<tr>
<th>Key</th>
<th>Auditor/Reviewer Name and Email address</th>
</tr>
<tr>
<td>ab</td>
<td>Aaron Bornstein <a
href="mailto:aaronb@j51.com">aaronb@j51.com</a></td>
</tr>
<tr>
<td>ac</td>
<td>Adrian Chadd <a
href="mailto:adrian@psinet.net.au">adrian@psinet.net.au</a></td>
</tr>
<tr>
<td>ak</td>
<td>Adam Kubicki <a
href="mailto:apk@itl.waw.pl">apk@itl.waw.pl</a></td>
</tr>
<tr>
<td>am</td>
<td>Albert Mietus <a
href="mailto:gam@gamp.hacom.nl">gam@gamp.hacom.nl</a></td>
</tr>
<tr>
<td>avk</td>
<td>Alexander V. Kalganov <a
href="mailto:top@sonic.cris.net">top@sonic.cris.net</a></td>
</tr>
<tr>
<td>bb</td>
<td>Bob Bishop <a href="mailto:rb@gid.co.uk">rb@gid.co.uk</a></td>
</tr>
<tr>
<td>bjn</td>
<td>Brent J. Nordquist <a
href="mailto:nordquist@platinum.com">nordquist@platinum.com</a></td>
</tr>
<tr>
<td>bob</td>
<td>Bob Willcox <a
href="mailto:bob@luke.pmr.com">bob@luke.pmr.com</a></td>
</tr>
<tr>
<td>btm</td>
<td>Brian T. Michely <a href="mailto:brianm@cmhcsys.com">
brianm@cmhcsys.com</a></td>
</tr>
<tr>
<td>cg</td>
<td>Coranth Gryphon <a
href="mailto:gryphon@healer.com">gryphon@healer.com</a></td>
</tr>
<tr>
<td>cl</td>
<td>Chris Lambertus <a
href="mailto:cmlambertus@ucdavis.edu">cmlambertus@ucdavis.edu</a></td>
</tr>
<tr>
<td>crh</td>
<td>Charles Henrich <a
href="mailto:henrich@crh.cl.msu.edu">henrich@crh.cl.msu.edu</a></td>
</tr>
<tr><td>dc</td>
<td>Dan Cross <a href="mailto:tenser@spitfire.ecsel.psu.edu">
tenser@spitfire.ecsel.psu.edu</a></td>
</tr>
<tr>
<td>dg*</td>
<td>David Greenman <a
href="mailto:dg@FreeBSD.org">davidg@FreeBSD.org</a></td>
</tr>
<tr>
<td>din</td>
<td>Dinesh Nair <a
href="mailto:dinesh@alphaque.com">dinesh@alphaque.com</a></td>
</tr>
<tr>
<td>dn</td>
<td>David Nugent <a
href="mailto:davidn@labs.usn.blaze.net.au">davidn@labs.usn.blaze.net.au</a></td>
</tr>
<tr>
<td>dob*</td>
<td>David E. O'Brien <a
href="mailto:obrien@NUXI.com">obrien@NUXI.com</a></td>
</tr>
<tr>
<td>dz</td>
<td>Danny J. Zerkel <a
href="mailto:dzerkel@phofarm.com">dzerkel@phofarm.com</a></td>
</tr>
<tr>
<td>ee*</td>
<td>Eivind Eklund <a
href="mailto:eivind@FreeBSD.org">eivind@FreeBSD.org</a></td>
</tr>
<tr>
<td>eh</td>
<td>Elijah Hempstone <a
href="mailto:avatar@gandalf.bss.sol.net">avatar@gandalf.bss.sol.net</a></td>
</tr>
<tr>
<td>ehu</td>
<td>Ernest Hua <a
href="mailto:hua@chromatic.com">hua@chromatic.com</a></td>
</tr>
<tr>
<td>ejc</td>
<td>Eric J. Chet <a
href="mailto:ejc@gargoyle.bazzle.com">ejc@gargoyle.bazzle.com</a></td>
</tr>
<tr>
<td>gl</td>
<td>Giles Lean <a
href="mailto:giles@nemeton.com.au">giles@nemeton.com.au</a></td>
</tr>
<tr>
<td>gvr*</td>
<td>Guido van Rooij <a
href="mailto:guido@FreeBSD.org">guido@FreeBSD.org</a></td>
</tr>
<tr>
<td>gw</td>
<td>Graham Wheeler <a
href="mailto:gram@oms.co.za">gram@oms.co.za</a></td>
</tr>
<tr>
<td>imp*</td>
<td>Warner Losh <a
href="mailto:imp@FreeBSD.org">imp@FreeBSD.org</a></td>
</tr>
<tr>
<td>jb</td>
<td>Jim Bresler <a
href="mailto:jfb11@inlink.com">jfb11@inlink.com</a></td>
</tr>
<tr>
<td>jh</td>
<td>Jake Hamby <a
href="mailto:jehamby@lightside.com">jehamby@lightside.com</a></td>
</tr>
<tr>
<td>jha</td>
<td>John H. Aughey <a
href="mailto:jha@cs.purdue.edu">jha@cs.purdue.edu</a></td>
</tr>
<tr>
<td>jk</td>
<td>Jerry Kendall <a
href="mailto:Jerry@kcis.com">Jerry@kcis.com</a></td>
</tr>
<tr>
<td>jkh*</td>
<td>Jordan K. Hubbard <a
href="mailto:jkh@FreeBSD.org">jkh@FreeBSD.org</a></td>
</tr>
<tr>
<td>jm</td>
<td>Josef Moellers <a
href="mailto:mollers.pad@sni.de">mollers.pad@sni.de</a></td>
</tr>
<tr>
<td>jmb*</td>
<td>Jonathan M. Bresler <a
href="mailto:jmb@FreeBSD.org">jmb@FreeBSD.org</a></td>
</tr>
<tr>
<td>joe*</td>
<td>Joe Greco <a
href="mailto:jgreco@solaria.sol.net">jgreco@solaria.sol.net</a></td>
</tr>
<tr>
<td>ka</td>
<td>Kalganov Alexander <a
href="mailto:top@bird.cris.net">top@bird.cris.net</a></td>
</tr>
<tr>
<td>ki</td>
<td>Kenneth Ingham <a
href="mailto:ingham@i-pi.com">ingham@i-pi.com</a></td>
</tr>
<tr>
<td>ky*</td>
<td>Kazutaka YOKOTA <a
href="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">yokota@zodiac.mech.utsunomiya-u.ac.jp</a></td>
</tr>
<tr>
<td>marc</td>
<td>Marc Slemko <a
href="mailto:marcs@znep.com">marcs@znep.com</a></td>
</tr>
<tr>
<td>md*</td>
<td>Matt Dillon <a
href="mailto:dillon@best.net">dillon@best.net</a></td>
</tr>
<tr>
<td>mr</td>
<td>Mike Romaniw <a href="mailto:msr@cuc.com">msr@cuc.com</a></td>
</tr>
<tr>
<td>mrvm*</td>
<td>Mark Murray <a
href="mailto:mark@grondar.za">mark@grondar.za</a></td>
</tr>
<tr>
<td>mu</td>
<td>Mudge <a href="mailto:mudge@l0pht.com">mudge@l0pht.com</a></td>
</tr>
<tr>
<td>or*</td>
<td>Ollivier Robert <a
href="mailto:roberto@keltia.freenix.fr">roberto@keltia.freenix.fr</a></td>
</tr>
<tr>
<td>pb</td>
<td>Peter Blake <a
href="mailto:ppb@baloo.tcp.co.uk">ppb@baloo.tcp.co.uk</a></td>
</tr>
<tr>
<td>peter*</td>
<td>Peter Wemm <a
href="mailto:peter@FreeBSD.org">peter@FreeBSD.org</a></td>
</tr>
<tr>
<td>phk*</td>
<td>Poul-Henning Kamp <a
href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a></td>
</tr>
<tr>
<td>pst*</td>
<td>Paul Traina <a
href="mailto:pst@FreeBSD.org">pst@FreeBSD.org</a></td>
</tr>
<tr>
<td>rb</td>
<td>Reinier Bezuidenhout <a
href="mailto:rbezuide@oskar.nanoteq.co.za">rbezuide@oskar.nanoteq.co.za</a></td>
</tr>
<tr>
<td>rd</td>
<td>Rajiv Dighe <a
href="mailto:rajivd@sprynet.com">rajivd@sprynet.com</a></td>
</tr>
<tr>
<td>rel</td>
<td>Roger Espel Llima <a
href="mailto:espel@llaic.univ-bpclermont.fr">espel@llaic.univ-bpclermont.fr</a></td>
</tr>
<tr>
<td>rjk</td>
<td>Richard J Kuhns <a
href="mailto:rjk@grauel.com">rjk@grauel.com</a></td>
</tr>
<tr>
<td>rm</td>
<td>Robin Melville <a
href="mailto:robmel@nadt.org.uk">robmel@nadt.org.uk</a></td>
</tr>
<tr>
<td>rs</td>
<td>Robert Sexton <a
href="mailto:robert@kudra.com">robert@kudra.com</a></td>
</tr>
<tr>
<td>sc</td>
<td>Sergei Chechetkin <a
href="mailto:csl@whale.sunbay.crimea.ua">csl@whale.sunbay.crimea.ua</a></td>
</tr>
<tr>
<td>tao</td>
<td>Brian Tao <a href="mailto:taob@risc.org">taob@risc.org</a></td>
</tr>
<tr>
<td>tdr</td>
<td>Thomas David Rivers <a
href="mailto:ponds!rivers@dg-rtp.dg.com">ponds!rivers@dg-rtp.dg.com</a></td>
</tr>
<tr>
<td>vk</td>
<td>Vadim Kolontsov <a
href="mailto:vadim@tversu.ac.ru">vadim@tversu.ac.ru</a></td>
</tr>
<tr>
<td>witr</td>
<td>Robert Withrow <a
href="mailto:witr@rwwa.com">witr@rwwa.com</a></td>
</tr>
<tr>
<td>xaa</td>
<td>Mark Huizer <a href="mailto:xaa@stack.nl">xaa@stack.nl</a></td>
</tr>
</table>
<h3>* = Has CVS commit privileges.</h3>
&footer;
</body>
</html>
<!--
Local Variables:
mode: sgml
sgml-indent-data: t
sgml-omittag: nil
sgml-always-quote-attributes: t
End:
-->
Reference in a new issue View git blame Copy permalink