1 |
keytoaster 10/09/02 11:47:16 |
2 |
|
3 |
Added: kernel_guide.html |
4 |
Log: |
5 |
Fetched from d.g.o/~falco/ |
6 |
|
7 |
Revision Changes Path |
8 |
1.1 xml/htdocs/proj/en/security/old/kernel_guide.html |
9 |
|
10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/old/kernel_guide.html?rev=1.1&view=markup |
11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/security/old/kernel_guide.html?rev=1.1&content-type=text/plain |
12 |
|
13 |
Index: kernel_guide.html |
14 |
=================================================================== |
15 |
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
16 |
<html> |
17 |
<head> |
18 |
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
19 |
<link title="new" rel="stylesheet" href="css/main.css" type="text/css"> |
20 |
<link REL="shortcut icon" HREF="favicon.ico" TYPE="image/x-icon"> |
21 |
<title>Gentoo Linux |
22 |
Documentation |
23 |
-- |
24 |
Kernel Security Guide</title> |
25 |
</head> |
26 |
<body style="margin-left:0px;margin-top:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0"> |
27 |
<tr><td valign="top" height="125" bgcolor="#45347b"><table cellspacing="0" cellpadding="0" border="0" width="193"> |
28 |
<tr><td class="logobg" valign="top" align="center" height="88"><a href="/"><img border="0" src="images/gtop-s.jpg" alt="Gentoo Logo"></a></td></tr> |
29 |
<tr><td class="logobg" valign="top" align="center" height="36"><a href="/"><img border="0" src="images/gbot-s.gif" alt="Gentoo Logo Side"></a></td></tr> |
30 |
</table></td></tr> |
31 |
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr> |
32 |
<td width="99%" class="content" valign="top" align="left"> |
33 |
<br><p class="dochead">Kernel Security Guide</p> |
34 |
<form name="contents" action="http://www.gentoo.org"> |
35 |
<b>Contents</b>: |
36 |
<select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:Arial,Helvetica, sans-serif; font-size:10"><option value="#doc_chap1">1. Public vulnerability bug management</option></select> |
37 |
</form> |
38 |
<p class="chaphead"><span class="chapnum"><a name="doc_chap1">1. </a></span>Public vulnerability bug management</p> |
39 |
<p class="secthead"><a name="doc_chap1_sect1">Status whiteboard rules </a></p> |
40 |
|
41 |
<p> |
42 |
The status whiteboard in Bugzilla lets us keep track of the category the |
43 |
bug falls into and its status. It should be following this pattern: |
44 |
"[kernelline] vulntype: keywords", where: |
45 |
</p> |
46 |
|
47 |
<table class="ntable"> |
48 |
<tr> |
49 |
<td bgcolor="#7a5ada" class="infohead"><b>Element</b></td> |
50 |
<td bgcolor="#7a5ada" class="infohead"><b>Content</b></td> |
51 |
<td bgcolor="#7a5ada" class="infohead"><b>Example</b></td> |
52 |
</tr> |
53 |
<tr> |
54 |
<td bgcolor="#ddddff" class="tableinfo">kernelline</td> |
55 |
<td bgcolor="#ddddff" class="tableinfo">Affected kernel lines (empty means unknown)</td> |
56 |
<td bgcolor="#ddddff" class="tableinfo">[2.6]</td> |
57 |
</tr> |
58 |
<tr> |
59 |
<td bgcolor="#ddddff" class="tableinfo">vulntype</td> |
60 |
<td bgcolor="#ddddff" class="tableinfo">The vulnerability type and configuration modifier (empty means |
61 |
unknown)</td> |
62 |
<td bgcolor="#ddddff" class="tableinfo">LocalRoot-</td> |
63 |
</tr> |
64 |
<tr> |
65 |
<td bgcolor="#ddddff" class="tableinfo">keywords</td> |
66 |
<td bgcolor="#ddddff" class="tableinfo">Optional extra keyword(s), as defined below</td> |
67 |
<td bgcolor="#ddddff" class="tableinfo">needPatch</td> |
68 |
</tr> |
69 |
</table> |
70 |
|
71 |
<p> |
72 |
Example kernellines: |
73 |
</p> |
74 |
|
75 |
<table class="ntable"> |
76 |
<tr> |
77 |
<td bgcolor="#7a5ada" class="infohead"><b>Kernel line</b></td> |
78 |
<td bgcolor="#7a5ada" class="infohead"><b>Description</b></td> |
79 |
</tr> |
80 |
<tr> |
81 |
<td bgcolor="#ddddff" class="tableinfo">[2.6]</td> |
82 |
<td bgcolor="#ddddff" class="tableinfo">Only 2.6 kernels are affected</td> |
83 |
</tr> |
84 |
<tr> |
85 |
<td bgcolor="#ddddff" class="tableinfo">[2.6 < 2.6.10]</td> |
86 |
<td bgcolor="#ddddff" class="tableinfo">Only 2.6 kernels before 2.6.10 are affected</td> |
87 |
</tr> |
88 |
<tr> |
89 |
<td bgcolor="#ddddff" class="tableinfo">[2.4 2.6]</td> |
90 |
<td bgcolor="#ddddff" class="tableinfo">2.4 and 2.6 kernels are affected</td> |
91 |
</tr> |
92 |
<tr> |
93 |
<td bgcolor="#ddddff" class="tableinfo"></td> |
94 |
<td bgcolor="#ddddff" class="tableinfo">No value means affected kernel lines are still unknown</td> |
95 |
</tr> |
96 |
</table> |
97 |
|
98 |
<p> |
99 |
The following vulnerability types are accepted: |
100 |
</p> |
101 |
|
102 |
<table class="ntable"> |
103 |
<tr> |
104 |
<td bgcolor="#7a5ada" class="infohead"><b>Type</b></td> |
105 |
<td bgcolor="#7a5ada" class="infohead"><b>Description</b></td> |
106 |
</tr> |
107 |
<tr> |
108 |
<td bgcolor="#ddddff" class="tableinfo">RemoteRoot</td> |
109 |
<td bgcolor="#ddddff" class="tableinfo">Remote root compromise</td> |
110 |
</tr> |
111 |
<tr> |
112 |
<td bgcolor="#ddddff" class="tableinfo">RemoteDoS</td> |
113 |
<td bgcolor="#ddddff" class="tableinfo">Remote denial of service</td> |
114 |
</tr> |
115 |
<tr> |
116 |
<td bgcolor="#ddddff" class="tableinfo">LocalRoot</td> |
117 |
<td bgcolor="#ddddff" class="tableinfo">Flaw allowing privilege escalation for local unprivileged processes</td> |
118 |
</tr> |
119 |
<tr> |
120 |
<td bgcolor="#ddddff" class="tableinfo">RemoteOther</td> |
121 |
<td bgcolor="#ddddff" class="tableinfo">Other remote flaws, including memory leaks</td> |
122 |
</tr> |
123 |
<tr> |
124 |
<td bgcolor="#ddddff" class="tableinfo">LocalDoS</td> |
125 |
<td bgcolor="#ddddff" class="tableinfo">Local user can crash the machine or otherwise deny service to other |
126 |
users</td> |
127 |
</tr> |
128 |
<tr> |
129 |
<td bgcolor="#ddddff" class="tableinfo">LocalOther</td> |
130 |
<td bgcolor="#ddddff" class="tableinfo">Other local flaws, including local information leaks</td> |
131 |
</tr> |
132 |
</table> |
133 |
|
134 |
<p> |
135 |
The following configuration modifiers are allowed: |
136 |
</p> |
137 |
|
138 |
<table class="ntable"> |
139 |
<tr> |
140 |
<td bgcolor="#7a5ada" class="infohead"><b>Configuration modifier</b></td> |
141 |
<td bgcolor="#7a5ada" class="infohead"><b>Description</b></td> |
142 |
</tr> |
143 |
<tr> |
144 |
<td bgcolor="#ddddff" class="tableinfo">+</td> |
145 |
<td bgcolor="#ddddff" class="tableinfo">All configurations (or default configurations) are affected</td> |
146 |
</tr> |
147 |
<tr> |
148 |
<td bgcolor="#ddddff" class="tableinfo">-</td> |
149 |
<td bgcolor="#ddddff" class="tableinfo">Only specific configurations are affected</td> |
150 |
</tr> |
151 |
<tr> |
152 |
<td bgcolor="#ddddff" class="tableinfo"></td> |
153 |
<td bgcolor="#ddddff" class="tableinfo">No value means configurations affected are still unknown</td> |
154 |
</tr> |
155 |
</table> |
156 |
|
157 |
<p> |
158 |
The following extra keywords are allowed: |
159 |
</p> |
160 |
|
161 |
<table class="ntable"> |
162 |
<tr> |
163 |
<td bgcolor="#7a5ada" class="infohead"><b>Keyword</b></td> |
164 |
<td bgcolor="#7a5ada" class="infohead"><b>Description</b></td> |
165 |
</tr> |
166 |
<tr> |
167 |
<td bgcolor="#ddddff" class="tableinfo">inKiss</td> |
168 |
<td bgcolor="#ddddff" class="tableinfo">The bug has been entered into the KISS system</td> |
169 |
</tr> |
170 |
<tr> |
171 |
<td bgcolor="#ddddff" class="tableinfo">needPatch</td> |
172 |
<td bgcolor="#ddddff" class="tableinfo">The bug still misses patches</td> |
173 |
</tr> |
174 |
<tr> |
175 |
<td bgcolor="#ddddff" class="tableinfo">patching</td> |
176 |
<td bgcolor="#ddddff" class="tableinfo">Maintainers have been called to patch their kernels</td> |
177 |
</tr> |
178 |
</table> |
179 |
<p class="secthead"><a name="doc_chap1_sect2">Bug severity depending on vulnerability type </a></p> |
180 |
|
181 |
<table class="ntable"> |
182 |
<tr> |
183 |
<td bgcolor="#7a5ada" class="infohead"><b>Severity</b></td> |
184 |
<td bgcolor="#7a5ada" class="infohead"><b>Vulnerability types</b></td> |
185 |
</tr> |
186 |
<tr> |
187 |
<td bgcolor="#ddddff" class="tableinfo">Blocker</td> |
188 |
<td bgcolor="#ddddff" class="tableinfo">RemoteRoot+ RemoteRoot-</td> |
189 |
</tr> |
190 |
<tr> |
191 |
<td bgcolor="#ddddff" class="tableinfo">Critical</td> |
192 |
<td bgcolor="#ddddff" class="tableinfo">RemoteDos+ LocalRoot+</td> |
193 |
</tr> |
194 |
<tr> |
195 |
<td bgcolor="#ddddff" class="tableinfo">Major</td> |
196 |
<td bgcolor="#ddddff" class="tableinfo">RemoteDos- LocalRoot- RemoteOther+</td> |
197 |
</tr> |
198 |
<tr> |
199 |
<td bgcolor="#ddddff" class="tableinfo">Normal</td> |
200 |
<td bgcolor="#ddddff" class="tableinfo">LocalDoS+ RemoteOther-</td> |
201 |
</tr> |
202 |
<tr> |
203 |
<td bgcolor="#ddddff" class="tableinfo">Minor</td> |
204 |
<td bgcolor="#ddddff" class="tableinfo">LocalDos- LocalOther+</td> |
205 |
</tr> |
206 |
<tr> |
207 |
<td bgcolor="#ddddff" class="tableinfo">Trivial</td> |
208 |
<td bgcolor="#ddddff" class="tableinfo">LocalOther-</td> |
209 |
</tr> |
210 |
</table> |
211 |
|
212 |
<br><tt> |
213 |
The contents of this document are licensed under the <a href="http://creativecommons.org/licenses/by-sa/1.0">Creative Commons - Attribution / Share Alike</a> license. |
214 |
</tt><br> |
215 |
</td> |
216 |
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="5" cellpadding="0"> |
217 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
218 |
<tr><td align="center" class="alttext"> |
219 |
Updated March 29, 2005</td></tr> |
220 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
221 |
<tr><td class="alttext"> |
222 |
<b><a class="altlink" href="mailto:koon@g.o">Thierry Carrez</a></b> |
223 |
<br><i>Author</i><br><br> |
224 |
</td></tr> |
225 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
226 |
<tr><td class="alttext"> |
227 |
<b>Summary:</b> |
228 |
This document contains procedures, tips and tricks applying to the |
229 |
Kernel security maintainer job. |
230 |
</td></tr> |
231 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
232 |
<tr><td align="center"> |
233 |
<p class="alttext"><b>Donate</b> to support our development efforts. |
234 |
</p> |
235 |
<form action="https://www.paypal.com/cgi-bin/webscr" method="post"> |
236 |
<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="drobbins@g.o"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="" name="submit" alt="Make payments with PayPal - it's fast, free and secure!"> |
237 |
</form> |
238 |
</td></tr> |
239 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
240 |
<tr><td align="center"><a href="http://store.gentoo.org"><img src="images/store.png" alt="The Gentoo Linux Store" border="0"></a></td></tr> |
241 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
242 |
<tr><td align="center"> |
243 |
<a href="http://www.phparch.com/bannerclick.php?AID=68&BID=1&BT=127929" target="_top"><img src="images/phpa-gentoo.gif" width="125" height="144" alt="php|architect" border="0"></a><p class="alttext"> |
244 |
php|architect is the monthly magazine for PHP professionals, available |
245 |
worldwide in print and electronic format. A percentage of all the sales |
246 |
will be donated back into the Gentoo project. |
247 |
</p> |
248 |
</td></tr> |
249 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
250 |
<tr><td align="center"> |
251 |
<a href="http://www.tek.net" target="_top"><img src="images/tek-gentoo.gif" width="125" height="125" alt="Tek Alchemy" border="0"></a><p class="alttext"> |
252 |
Tek Alchemy offers dedicated servers and other hosting solutions running Gentoo Linux. |
253 |
</p> |
254 |
</td></tr> |
255 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
256 |
<tr><td align="center"> |
257 |
<a href="http://www.qksrv.net/click-477620-5032687" target="_top"><img src="http://www.qksrv.net/image-477620-5032687" width="125" height="125" alt="DDR Memory at Crucial.com" border="0"></a><p class="alttext"> |
258 |
Purchase RAM from <b>Crucial.com</b> and a percentage of your sale will go towards further Gentoo Linux development. |
259 |
</p> |
260 |
</td></tr> |
261 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
262 |
<tr><td align="center"> |
263 |
<a href="http://www.netraverse.com/gentoo.htm" target="_top"><img src="images/netraverse-gentoo.gif" width="125" height="102" alt="Win4Lin at NeTraverse" border="0"></a><p class="alttext"> |
264 |
Win4Lin from <b>NeTraverse</b> lets you run Windows applications under Gentoo Linux at native speeds. |
265 |
</p> |
266 |
</td></tr> |
267 |
<tr><td><img src="images/line.gif" alt="line"></td></tr> |
268 |
</table></td> |
269 |
</tr></table></td></tr> |
270 |
<tr><td colspan="2" align="right" class="infohead" width="100%" bgcolor="#7a5ada"> |
271 |
Copyright 2001-2003 Gentoo Technologies, Inc. Questions, Comments, Corrections? Email <a class="highlight" href="mailto:www@g.o">www@g.o</a>. |
272 |
</td></tr> |
273 |
</table></body> |
274 |
</html> |
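Review bot: The table under "Bug severity depending on vulnerability type" spells the types RemoteDos+, RemoteDos- and LocalDos-, while the accepted-types table and the Normal row of the same table use RemoteDoS and LocalDoS; use the DoS spelling in every row so that whiteboard entries and searches rely on one spelling. That table also assigns a severity only to the + and - modifiers, although the configuration-modifier table allows an empty value, so it should state which severity applies while the affected configurations are still unknown. In the kernelline examples, the cell "[2.6 < 2.6.10]" contains a bare "<", which should be written as &lt; so that HTML parsers do not read it as the start of a tag.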