On Sun, 25 May 2003 15:11, Matt Zimmerman wrote:
> On Sun, May 25, 2003 at 06:21:00AM +0200, Christoph Hellwig wrote:
> > On Sat, May 24, 2003 at 06:32:26PM -0400, Matt Zimmerman wrote:
> > > It's not noise at all when it's something that we and others
> > > (desperately!) want to know about.
> >
> > Then read through the prepatch diffs, everything adding checks to
> > ioctl methods or similar is likely one of them.
>
> This approach does not scale. I cannot personally review the diffs for
> every upstream release of all the software in Debian, nor can any other
> individual or even a small group.

It does not scale to all software in Debian. But most software does not need much in the way of security auditing.

A small group of people could review all kernel patches that make it into the official tree.

Of course getting even a small group of people who have the skill to do such work properly and the time to do it continually may not be easy.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page