"Month of Kernel Bugs" Project Head Interviewed - Slashdot

Please create an account to participate in the Slashdot moderation system

×

"Month of Kernel Bugs" Project Head Interviewed 42

Posted by CowboyNeal on Saturday November 11, 2006 @12:30PM from the getting-to-know dept.

An anonymous reader writes "November has been labelled the 'Month of Kernel Bugs' in security circles. The Month of Kernel Bugs began on November 1, with the publication of a vulnerability in Apple's AirPort drivers. SecuriTeam blogs did an interview with LMH, who hosts the project."

This discussion has been archived. No new comments can be posted.

"Month of Kernel Bugs" Project Head Interviewed

Search 42 Comments Log In/Create an Account

Comments Filter:

Re:A question I wish was answered (Score:4, Informative)

by bcat24 ( 914105 ) writes: on Saturday November 11, 2006 @12:51PM (#16805994) Homepage Journal

The Month of Kernel Bugs is the brainchild of a security researcher and contributor to the Metasploit Project who uses the moniker "L.M.H."
(cite) [securityfocus.com]

Parent Share
twitter facebook
Re:Apple flaw? No. (Score:5, Informative)

by spinja ( 994674 ) writes: on Saturday November 11, 2006 @01:38PM (#16806310) Homepage

The bug I found is not due to the card "complying with a standard", its because the first-generation Airport driver (the latest one available at that), has a bug that allows someone to run code in your kernel from a distance. Maybe I missed the "ieee80211b-pwned" spec, but this doesn't seem like good behavior.

Why is that Apple supporters are in such denial about their favorite products having security flaws? This bug was one of many in the Airport drivers and one an even bigger set of wireless exploits that we plan on releasing. A Broadcom bug was released today which likely affects more systems than Apple has ever shipped.

Parent Share
twitter facebook
Re:/sigh stupid FUD (Score:2, Informative)

by spinja ( 994674 ) writes: on Saturday November 11, 2006 @01:45PM (#16806370) Homepage

This particular one was only in the first-generation Airport drivers. It may affect Windows users of the Proxim/Orinoco/Lucent chips as well, but we didn't have any hardware to test on.

Parent Share
twitter facebook
Shifty business in the kernel. (Score:4, Informative)

by Kadin2048 ( 468275 ) writes: <slashdot.kadin@xox y . net> on Saturday November 11, 2006 @02:19PM (#16806592) Homepage Journal

I have never been involved, even peripherally, in kernel development, so I thought some of LMH's comments on how security concerns are addressed there were interesting.

In particular, he remarks: "Another point, is actually that silent patches are much more popular in kernel development. Remote denial of service issues may be patched under rather fun terms like 'this may dereference a null pointer', 'foo is signed when it should be unsigned', etc. And some kernel interfaces are literally a royal pain to work with. Filesystem code itself is a rather complex part of the kernel as it deals in low-level with things we typically know 'abstracted' (ex. you copy files, you don't deal with inodes, blocks, etc)."

This seems rather contrary to the OSS development model in general, and if it's something that's happening a lot, it seems as though something's wrong, procedurally. Why is all this buggy code getting in, in the first place? While I'm aware that a lot of Linux people don't like BSD or its development methods, maybe there needs to be some sort of stricter review process for contributions.

If there was one place where transparency and accountability were most important, it seems like it would be in the Linux kernel, it being arguably one of the most important projects, or at least most visible, that the F/OSS movement has produced.

Parent Share
twitter facebook
Re:/sigh stupid FUD (Score:2, Informative)

by spinja ( 994674 ) writes: on Saturday November 11, 2006 @02:57PM (#16806870) Homepage

Current drivers for the first-generation cards (the non-extreme) ones. This limited the bug to Mac hardware shipped between 1999 and 2003. We have some reproducable crashes in the latest Atheros-based cards as well (all new Intel Macs), but need to finish the research before we talk about it.

Parent Share
twitter facebook
MOKB (Score:4, Informative)

by PhunkySchtuff ( 208108 ) writes: <kai&automatica,com,au> on Saturday November 11, 2006 @05:15PM (#16807920) Homepage

If you're after more info on the Month of Kernel Bugs, check out the blog [blogspot.com]

No, this isn't my blog, and I've got nothing to do with it, it's just that it's not linked to or mentioned in the main story...

Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

I've noticed several design suggestions in your code.