Linux Today: Linux News On Internet Time.


Finding Linux Bugs Before they Become Exploits

Jul 27, 2009, 16:32
(Other stories by Andy Patrizio)



"It's not every day that there is a public security exploit published for the Linux kernel, yet that is what happened in early July. Though the flaw itself was patched in the mainline Linux kernel several weeks prior to the public exploit code being published, not all users may have patched. It could have been a lot worse.

"The issue of patching aside, the public exploit could easily have been a zero day exploit on the Linux kernel itself, were it not for the fact that the bug that enables the exploit was caught by a scan from code scanning vendor Coverity. The Linux kernel has been actively scanned by Coverity since at least 2004 in an effort to find bugs and improve code quality.

"'Our builds were broken in February and March so we didn't see it immediately when the code was first committed,' David Maxwell, open source strategist for Coverity, told InternetNews.com. 'But we've had it flagged in the system since March and it was fixed on the fifth of July.'"
