Linux developers have begun an ambitious project to identify security problems with the open source operating system before they trouble end users.
vnunet.com, 23 Jul 2000
Linux developers have begun an ambitious project to identify security problems with the open source operating system before they trouble end users.
The Linux Kernel Auditing Project is an attempt to audit the Linux kernel for any security holes. The project also aims to educate Linux developers on how to write code securely and thereby stay ahead of crackers in creating a secure operating environment.
Bryan Paxton, who wrote the mission statement for the project, said it was time for a security audit of the Linux kernel and that the process would result in more secure operating system for end users.
"Certain proprietary operating systems sit around, and wait for a security bug to come to them and not go to bug themselves," said Paxton. "Linux kernel developers/hackers are down to earth and pretty logical people, and realise that Linux is not perfect, that a lot of the code they write, submit, and gets plugged into the kernel is not flawless, and more than likely could be improved for security reasons."
The audit will deal with current source code and will not develop additional patches nor add new functions, which might affect or disrupt other parts of the kernel.
Roy Hills, technical director of security testing firm NTA Monitor, praised the move and said it made sense to separate the auditing and fixing functions involved in making an operating system secure.
"Open source operating systems are subject to bugs similar to those that affect proprietary systems, but people in the open source community seem to react quicker to things and are more open about it," he added.
OpenBSD, another Unix-like open source operating system, has been subject to an ongoing security audit since 1996.
Matthew Pemble, former security specialist in the Royal Navy and now at integrator IS Integration, said: "A formal code review, which this project is aiming for, would be a huge undertaking for a big operating system.
"Microsoft operating systems have not been desperately well tested, and because of the ubiquitous nature of that operating system that can have significant consequences."
The Linux Kernel Auditing Project is being undertaken by groups of Linux enthusiasts and developers who will work via a mailing list. The suggested kernels to be audited are 2.0.x kernel series, 2.2.x kernel series and the 2.3.x/2.4.x kernel series.
To subscribe to the project's mailing list, send a message with the body text 'subscribe kernel-audit' to majordomo@nl.linux.org
Linux creator Linus Torvalds has posted the near-final release of the Linux 2.4 kernel to the kernel.org website.
The delay of the next version of the Linux kernel is likely to shake user confidence in the operating system despite having little effect on software development.
Security has finally become an item on the corporate agenda but many companies are taking the wrong approach to addressing the issue, according to research by IDC.
Red Hat has launched a version of the Linux operating system for use in clustered server environments.
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Surviving veterans of the code-breaking facility to receive badge of...
Telco begins major rollout in 69 locations across the UK
Do you agree?
Have your say on this article