[Users] Solar Designer Audit 2005
Kir Kolyshkin
kir at openvz.org
Wed May 13 14:37:11 PDT 2015
On 05/12/2015 02:04 AM, apoc at keemail.me wrote:
> Hello!
> I'm interested in the security audit performed by Solar Designer in
> 2005, which is mentioned in the "Security" section of the openvz website.
>
> Is there a reason why it's still not publicly available?
It was never meant to be released to the general public, it was an
internal audit.
Having said, I can share some details I do remember. It was OpenVZ
2.6.8-based kernel,
and Solar used a few different techniques, both advanced (like fuzzy
syscall testing) and
simple (good ol' source code reading). He was able to find one bug
specific to OpenVZ,
which was immediately fixed, and three security vulnerabilities that
were not
OpenVZ-specific and came from the upstream kernel -- those were also
reported,
fixed in upstream and backported to our kernel. That's pretty much it.
Note Solar also uses OpenVZ kernels in Openwall GNU/*/Linux distro
(http://www.openwall.com/Owl/).
Kir.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20150513/35f71453/attachment.html>
More information about the Users
mailing list