os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/en/auditors.sgml
Jonathan M. Bresler 3fce78627f change the "auditors sign-up" mail-to url to point to 
myself instead of jordan.  this change was coordinated with jkh.
1997-03-03 03:21:17 +00:00

433 lines
17 KiB
Text
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-03-03 03:21:17 $">
<!ENTITY title "FreeBSD Auditing Project">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<HTML>
<HEAD>
<TITLE>FreeBSD Source Auditing Project</TITLE>
<META NAME="Author" CONTENT="Jordan Hubbard">
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#800080" ALINK="#FF
0000">
<H1>General Information</H1>
<em>Last Updated: $Date: 1997-03-03 03:21:17 $ </em>
<H2>Overview</H2>
<P>In light of our recent (and still ongoing) security concerns, it
has become rather obvious that nothing less than a rigorous and
comprehensive security review of the FreeBSD source tree will enable
us to really have much confidence in the security of our operating
system, an OS that many have come increasingly to rely upon and must
be made more than reasonably secure if they are to continue to be able
to do so.</P>
<P>The sheer amount of legacy code & code from outside sources in
FreeBSD also makes it especially easy for security holes to go
unnoticed until it's rather too late, and no truly large-scale attempt
has been made up to this point to really go through the codebase with
a specific focus on security issues, that being a rather big project
and most FreeBSD developers being more than busy enough elsewhere.
This situation must now change, however, if we are to remain the kind
of operating system that people can continue to rely upon as the
Internet continues to grow and (I suspect) become an ever-more hostile
environment for improperly protected systems. Proper security is
something of a cooperative arrangement between the local administrator
and the OS vendor, and this "OS vendor" needs to do its part.</P>
<P>The core team's first step in becoming more serious about security
was to bring the project's security officer, <a href="mailto:guido@FreeBSD.org">
Guido van Rooij</a>, into the team so that one of the "voices at the
table" would have security as his primary mandate and representation
in all the important security mailing lists external to the FreeBSD
Project. He will also keep the rest of us in core much more aware of
security concerns as they arise, hopefully not to be taken quite so by
surprise as we have a few times in the past.</P>
<P>Our second step will be this audit, an attempt to methodically go
through every line of source in FreeBSD looking for obvious buffer
overflows (sprintf()/strcpy() vs snprintf()/strncpy() and so on), less
obvious security holes, instances of insufficiently defensive coding,
amusing comment strings to forward to freebsd-chat, whatever we run
across.</P>
<P>Using the
<a href="ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-CVS/CVSROOT/modules">
modules database</a> as an outline, we will split the source tree into
more manageable pieces, keeping a sign-up sheet in a prominent place
so that people can see which modules are covered and which are not. A
carefully selected team of individuals is now also being formed, that
team being composed of "auditors" and "reviewers" (most members of the
team being both). An auditor has principle responsibility, which may
be shared with another auditor, for actually going through the code
and looking for security holes and/or bugs. Once a reasonable pile of
diffs have been accumulated, assuming that any problems were found,
they are send to one or more reviewers who are responsible for giving
the changes another once-over and, if the auditor does not have commit
privileges, to actually commit the changes when & if they're deemed
acceptable.</P>
<H2>Requirements:</H2>
<P>In order to be an auditor, you should either have commit privileges on
<em>freefall.freebsd.org</em> or an arrangement with another auditor/reviewer
who does. You should also be running or have immediate access to
<a href="handbook/current.html">FreeBSD-current</a> sources since all of our changes
will be made relative to that branch and then brought back (as necessary)
into the <strong>2.1</strong> and <strong>2.2</strong> branches.
<P>What to look for and what the general rules to follow are is sufficiently
complex that I have turned it into a <a href="security.html">FreeBSD
Security Guide</a>. Please read this now if you haven't already.
Other excellent documents are the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">
Secure Programming Checklist</a> and the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist">
Unix Security Checklist</a>, both available from AUSCERT.
<H2>Sign-Up sheet:</H2>
<P>Here is the sign-up sheet as it sits so far. This is *very* skeletal
at this stage, given that we've just now started, and as people
indicate which module(s) they're willing to either audit or review,
we'll fill it in. If this tabular format also becomes unwieldy as it
fills up, we can change it or put it on a web page or something. :)
I've left some sample entries open just as place-holders, and they in
no way imply that someone has to be willing to pick up pieces that
large.</P>
<P>Anything in the modules database represents a potential auditing
target - from ones as small as "cat" to ones as large as "lib", the
most important being that people bite off pieces no larger than they
think they can chew. If you take 15 things onto your plate and deal
with only 5, you're not doing anyone any favors since the other
auditors will be assuming that the other 10 items are handled!</P>
To sign up for something, please send mail to <a
href="mailto:jmb@FreeBSD.org"> jmb@FreeBSD.org</a>.
<P></P><TABLE BORDER="2" CELLPADDING="3">
<TR><TH>Module</TH><TH>Auditor(s)</TH><TH>Reviewer(s)</TH>
<TH>Status</TH></TR>
<TR><TD><A HREF="mailto:audit-bin@FreeBSD.ORG">bin</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:guido@FreeBSD.org">gvr*</A>
<A HREF="mailto:jehamby@lightside.com">jh</A>
<A HREF="mailto:top@bird.cris.net">ka</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:jmb@FreeBSD.org">jmb*</A> <A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-contrib@FreeBSD.ORG">contrib</A></TD>
<TD>
<A HREF="mailto:gryphon@healer.com">cg</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-eBones@FreeBSD.ORG">eBones</A></TD>
<TD>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-games@FreeBSD.ORG">games</A></TD>
<TD>
<A HREF="mailto:aaronb@j51.com">ab</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:xaa@stack.nl">xaa</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-init@FreeBSD.ORG">init</A></TD>
<TD>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lib@FreeBSD.ORG">lib</A></TD>
<TD>
<A HREF="mailto:apk@itl.waw.pl">ak</A>
<A HREF="mailto:nordquist@platinum.com">bjn</A>
<A HREF="mailto:pst@FreeBSD.org">pst*</A>
</TD>
<TD><A HREF="mailto:davidg@FreeBSD.org">dg*</A> <A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:jkh@FreeBSD.org">jkh*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libc@FreeBSD.ORG">libc</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libexec@FreeBSD.ORG">libexec</A></TD>
<TD>
<A HREF="mailto:henrich@crh.cl.msu.edu">crh</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:msr@cuc.com">mr</A>
<A HREF="mailto:witr@rwwa.com">witr</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lkm@FreeBSD.ORG">lkm</A></TD>
<TD>
<A HREF="mailto:obrien@NUXI.com">dob</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-sbin@FreeBSD.ORG">sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:roberto@keltia.freenix.fr">or*</A>
<A HREF="mailto:taob@risc.org">tao</A>
</TD>
<TD><A HREF="mailto:jmb@FreeBSD.org">jmb*</A> <A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-secure@FreeBSD.ORG">secure</A></TD>
<TD>
<A HREF="mailto:tenser@spitfire.ecsel.psu.edu">dc</A>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-telnetd@FreeBSD.ORG">telnetd</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:davidn@labs.usn.blaze.net.au">dn</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.bin@FreeBSD.ORG">usr.bin</A></TD>
<TD>
<A HREF="mailto:bob@luke.pmr.com">bob</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:jha@cs.purdue.edu">jha</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">ky*</A>
<A HREF="mailto:rbezuide@oskar.nanoteq.co.za">rb</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
<A HREF="mailto:rjk@grauel.com">rjk</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.sbin@FreeBSD.ORG">usr.sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:ejc@gargoyle.bazzle.com">ejc</A>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:marcs@znep.com">marc</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
</TABLE>
<H2>Auditor/Reviewer keys</H2>
<P>This is the list of people who have volunteered to participate as
auditors or reviewers in this process. They may also be reached
collectively by sending mail to the <a
href="mailto:auditors@FreeBSD.org">auditors@FreeBSD.org</a> alias at
times when it is appropriate to send mail to all auditors. If you wish to
reach just the auditors & reviewers for a specific category, say
<strong>usr.sbin</strong> for example, then you would send mail to
<a href="mailto:audit-usr.sbin@FreeBSD.org">
audit-<strong>usr.sbin</strong>@FreeBSD.org</a>.</P>
<TABLE CELLPADDING="2"><TR><TH>Key</TH>
<TH>Auditor/Reviewer Name and Email address</TH></TR>
<TR><td>ab</TD>
<TD>Aaron Bornstein <A HREF="mailto:aaronb@j51.com">
aaronb@j51.com</A></TD></TR>
<TR><td>ac</TD>
<TD>Adrian Chadd <A HREF="mailto:adrian@psinet.net.au">
adrian@psinet.net.au</A></TD></TR>
<TR><td>ak</TD>
<TD>Adam Kubicki <A HREF="mailto:apk@itl.waw.pl">
apk@itl.waw.pl</A></TD></TR>
<TR><td>am</TD>
<TD>Albert Mietus <A HREF="mailto:gam@gamp.hacom.nl">
gam@gamp.hacom.nl</A></TD></TR>
<TR><td>avk</TD>
<TD>Alexander V. Kalganov <A HREF="mailto:top@sonic.cris.net">
top@sonic.cris.net</A></TD></TR>
<TR><td>bb</TD>
<TD>Bob Bishop <A HREF="mailto:rb@gid.co.uk">
rb@gid.co.uk</A></TD></TR>
<TR><td>bjn</TD>
<TD>Brent J. Nordquist <A HREF="mailto:nordquist@platinum.com">
nordquist@platinum.com</A></TD></TR>
<TR><td>bob</TD>
<TD>Bob Willcox <A HREF="mailto:bob@luke.pmr.com">
bob@luke.pmr.com</A></TD></TR>
<TR><td>btm</TD>
<TD>Brian T. Michely <A HREF="mailto:brianm@cmhcsys.com">
brianm@cmhcsys.com</A></TD></TR>
<TR><td>cg</TD>
<TD>Coranth Gryphon <A HREF="mailto:gryphon@healer.com">
gryphon@healer.com</A></TD></TR>
<TR><td>cl</TD>
<TD>Chris Lambertus <A HREF="mailto:cmlambertus@ucdavis.edu">
cmlambertus@ucdavis.edu</A></TD></TR>
<TR><td>crh</TD>
<TD>Charles Henrich <A HREF="mailto:henrich@crh.cl.msu.edu">
henrich@crh.cl.msu.edu</A></TD></TR>
<TR><td>dc</TD>
<TD>Dan Cross <A HREF="mailto:tenser@spitfire.ecsel.psu.edu">
tenser@spitfire.ecsel.psu.edu</A></TD></TR>
<TR><td>dg*</TD>
<TD>David Greenman <A HREF="mailto:davidg@FreeBSD.org">
davidg@FreeBSD.org</A></TD></TR>
<TR><td>din</TD>
<TD>Dinesh Nair <A HREF="mailto:dinesh@alphaque.com">
dinesh@alphaque.com</A></TD></TR>
<TR><td>dn</TD>
<TD>David Nugent <A HREF="mailto:davidn@labs.usn.blaze.net.au">
davidn@labs.usn.blaze.net.au</A></TD></TR>
<TR><td>dob</TD>
<TD>David E. O'Brien <A HREF="mailto:obrien@NUXI.com">
obrien@NUXI.com</A></TD></TR>
<TR><td>dz</TD>
<TD>Danny J. Zerkel <A HREF="mailto:dzerkel@phofarm.com">
dzerkel@phofarm.com</A></TD></TR>
<TR><td>ee</TD>
<TD>Eivind Eklund <A HREF="mailto:eivind@FreeBSD.org">
eivind@FreeBSD.org</A></TD></TR>
<TR><td>eh</TD>
<TD>Elijah Hempstone <A HREF="mailto:avatar@gandalf.bss.sol.net">
avatar@gandalf.bss.sol.net</A></TD></TR>
<TR><td>ehu</TD>
<TD>Ernest Hua <A HREF="mailto:hua@chromatic.com">
hua@chromatic.com</A></TD></TR>
<TR><td>ejc</TD>
<TD>Eric J. Chet <A HREF="mailto:ejc@gargoyle.bazzle.com">
ejc@gargoyle.bazzle.com</A></TD></TR>
<TR><td>gl</TD>
<TD>Giles Lean <A HREF="mailto:giles@nemeton.com.au">
giles@nemeton.com.au</A></TD></TR>
<TR><td>gvr*</TD>
<TD>Guido van Rooij <A HREF="mailto:guido@FreeBSD.org">
guido@FreeBSD.org</A></TD></TR>
<TR><td>gw</TD>
<TD>Graham Wheeler <A HREF="mailto:gram@oms.co.za">
gram@oms.co.za</A></TD></TR>
<TR><td>imp*</TD>
<TD>Warner Losh <A HREF="mailto:imp@FreeBSD.org">
imp@FreeBSD.org</A></TD></TR>
<TR><td>jb</TD>
<TD>Jim Bresler <A HREF="mailto:jfb11@inlink.com">
jfb11@inlink.com</A></TD></TR>
<TR><td>jh</TD>
<TD>Jake Hamby <A HREF="mailto:jehamby@lightside.com">
jehamby@lightside.com</A></TD></TR>
<TR><td>jha</TD>
<TD>John H. Aughey <A HREF="mailto:jha@cs.purdue.edu">
jha@cs.purdue.edu</A></TD></TR>
<TR><td>jk</TD>
<TD>Jerry Kendall <A HREF="mailto:Jerry@kcis.com">
Jerry@kcis.com</A></TD></TR>
<TR><td>jkh*</TD>
<TD>Jordan K. Hubbard <A HREF="mailto:jkh@FreeBSD.org">
jkh@FreeBSD.org</A></TD></TR>
<TR><td>jm</TD>
<TD>Josef Moellers <A HREF="mailto:mollers.pad@sni.de">
mollers.pad@sni.de</A></TD></TR>
<TR><td>jmb*</TD>
<TD>Jonathan M. Bresler <A HREF="mailto:jmb@FreeBSD.org">
jmb@FreeBSD.org</A></TD></TR>
<TR><td>joe*</TD>
<TD>Joe Greco <A HREF="mailto:jgreco@solaria.sol.net">
jgreco@solaria.sol.net</A></TD></TR>
<TR><td>ka</TD>
<TD>Kalganov Alexander <A HREF="mailto:top@bird.cris.net">
top@bird.cris.net</A></TD></TR>
<TR><td>ki</TD>
<TD>Kenneth Ingham <A HREF="mailto:ingham@i-pi.com">
ingham@i-pi.com</A></TD></TR>
<TR><td>ky*</TD>
<TD>Kazutaka YOKOTA <A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">
yokota@zodiac.mech.utsunomiya-u.ac.jp</A></TD></TR>
<TR><td>marc</TD>
<TD>Marc Slemko <A HREF="mailto:marcs@znep.com">
marcs@znep.com</A></TD></TR>
<TR><td>md</TD>
<TD>Matt Dillon <A HREF="mailto:dillon@best.net">
dillon@best.net</A></TD></TR>
<TR><td>mr</TD>
<TD>Mike Romaniw <A HREF="mailto:msr@cuc.com">
msr@cuc.com</A></TD></TR>
<TR><td>mrvm*</TD>
<TD>Mark Murray <A HREF="mailto:mark@grondar.za">
mark@grondar.za</A></TD></TR>
<TR><td>mu</TD>
<TD>Mudge <A HREF="mailto:mudge@l0pht.com">
mudge@l0pht.com</A></TD></TR>
<TR><td>or*</TD>
<TD>Ollivier Robert <A HREF="mailto:roberto@keltia.freenix.fr">
roberto@keltia.freenix.fr</A></TD></TR>
<TR><td>pb</TD>
<TD>Peter Blake <A HREF="mailto:ppb@baloo.tcp.co.uk">
ppb@baloo.tcp.co.uk</A></TD></TR>
<TR><td>peter*</TD>
<TD>Peter Wemm <A HREF="mailto:peter@FreeBSD.org">
peter@FreeBSD.org</A></TD></TR>
<TR><td>phk*</TD>
<TD>Poul-Henning Kamp <A HREF="mailto:phk@FreeBSD.org">
phk@FreeBSD.org</A></TD></TR>
<TR><td>pst*</TD>
<TD>Paul Traina <A HREF="mailto:pst@FreeBSD.org">
pst@FreeBSD.org</A></TD></TR>
<TR><td>rb</TD>
<TD>Reinier Bezuidenhout <A HREF="mailto:rbezuide@oskar.nanoteq.co.za">
rbezuide@oskar.nanoteq.co.za</A></TD></TR>
<TR><td>rd</TD>
<TD>Rajiv Dighe <A HREF="mailto:rajivd@sprynet.com">
rajivd@sprynet.com</A></TD></TR>
<TR><td>rel</TD>
<TD>Roger Espel Llima <A HREF="mailto:espel@llaic.univ-bpclermont.fr">
espel@llaic.univ-bpclermont.fr</A></TD></TR>
<TR><td>rjk</TD>
<TD>Richard J Kuhns <A HREF="mailto:rjk@grauel.com">
rjk@grauel.com</A></TD></TR>
<TR><td>rm</TD>
<TD>Robin Melville <A HREF="mailto:robmel@nadt.org.uk">
robmel@nadt.org.uk</A></TD></TR>
<TR><td>rs</TD>
<TD>Robert Sexton <A HREF="mailto:robert@kudra.com">
robert@kudra.com</A></TD></TR>
<TR><td>sc</TD>
<TD>Sergei Chechetkin <A HREF="mailto:csl@whale.sunbay.crimea.ua">
csl@whale.sunbay.crimea.ua</A></TD></TR>
<TR><td>tao</TD>
<TD>Brian Tao <A HREF="mailto:taob@risc.org">
taob@risc.org</A></TD></TR>
<TR><td>tdr</TD>
<TD>Thomas David Rivers <A HREF="mailto:ponds!rivers@dg-rtp.dg.com">
ponds!rivers@dg-rtp.dg.com</A></TD></TR>
<TR><td>vk</TD>
<TD>Vadim Kolontsov <A HREF="mailto:vadim@tversu.ac.ru">
vadim@tversu.ac.ru</A></TD></TR>
<TR><td>witr</TD>
<TD>Robert Withrow <A HREF="mailto:witr@rwwa.com">
witr@rwwa.com</A></TD></TR>
<TR><td>xaa</TD>
<TD>Mark Huizer <A HREF="mailto:xaa@stack.nl">
xaa@stack.nl</A></TD></TR>
</TABLE>
<H3>* = Has CVS commit privileges.</H3>
&footer;
</BODY>
</HTML>
Reference in a new issue View git blame Copy permalink