| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 May 2008 03:21:42 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: "Rafael J. Wysocki" <rjw@...k.pl>, Willy Tarreau <w@....eu>, David Miller <davem@...emloft.net>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, Jiri Slaby <jirislaby@...il.com> Subject: Re: Slow DOWN, please!!! On Wed, Apr 30, 2008 at 06:40:39PM -0700, Linus Torvalds wrote: > Now, we do know that open-source code tends to be higher quality (along a > number of metrics) than closed source code, and my argument is that it's > not because of bike-shedding (aka code review), but simply because the > code is out there and available and visible. Really? And how, pray tell, being out there will magically improve the code? "With enough eyes all bugs are shallow" stuff out of ESR's arse? FWIW, after the last month's flamefests I decided to actually do something about review density of code in the areas I'm theoretically responsible for. Namely, do systematic review of core data structure handling (starting with the place where most of the codepaths get into VFS - descriptor tables and struct file), doing both blow-by-blow writeup on how that sort of things is done and documentation of the life cycle/locking rules/assertions made by code/etc. I made one bad mistake that held the things back for quite a while - sending heads-up for one of the worse bugs found in process to never-sufficiently-damned vendor-sec. The last time I'm doing that, TYVM... Anyway, I'm going to get the notes on that stuff in order and put them in the open. I really hope that other folks will join the fun afterwards. The goal is to get a coherent braindump that would be sufficient for people new to the area wanting to understand and review VFS-related code - both in the tree and in new patches. files_struct/fdtable handling is mostly dealt with, struct file is only partially done - unfortunately, struct file_lock has to be dealt with before that and it's a (predictable) nightmare. On the other end of things, fs_struct is not really started, vfsmount review is partially done, dentry/superblock/inode not even touched. Even with what little had been covered... well, let's just say that it caught quite a few fun turds. With typical age around 3-4 years. And VFS is not the messiest part of the tree... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists