| 1 |
James... |
| 2 |
|
| 3 |
I would definitely give this a thought - sounds |
| 4 |
interesting and challenging. |
| 5 |
|
| 6 |
Thanks a lot, |
| 7 |
Nitin |
| 8 |
|
| 9 |
On Mon, May 4, 2009 at 8:56 AM, James <wireless@×××××××××××.com> wrote: |
| 10 |
> Nitin Kanaskar <nitinvk04 <at> gmail.com> writes: |
| 11 |
> |
| 12 |
> |
| 13 |
>> Thank you so much Dale again - but i |
| 14 |
>> would try to follow links given by Neil - |
| 15 |
>> thank you Neil - and chk in the cvs repositories. |
| 16 |
>> Really appreciate your willingness to help. |
| 17 |
> |
| 18 |
> Hello Nitin, |
| 19 |
> |
| 20 |
> After reading your thread, you seem to be a bit |
| 21 |
> flexible in what you pursue as opportunities |
| 22 |
> for security analysis. Just a suggestion, but, |
| 23 |
> in lieu of pursuing a very 'well worn path' of |
| 24 |
> vulnerability assessments, might you be interested |
| 25 |
> in exploring an alternative? |
| 26 |
> |
| 27 |
> |
| 28 |
> If so, consider testing for security vulnerabilities |
| 29 |
> on a variety of embedded (Gentoo) linux devices/architectures? |
| 30 |
> |
| 31 |
> |
| 32 |
> You'll find embedded linux on a variety of hardware, |
| 33 |
> very rich in opportunities for exploits. There are |
| 34 |
> far fewer folks to test and fix problems, and many |
| 35 |
> of the builds are barely able to support the |
| 36 |
> arch, let alone robust security analysis. You |
| 37 |
> could easily distinguish your self and provide a |
| 38 |
> huge service to the gentoo community, not to mention |
| 39 |
> working with some very sharp minds who |
| 40 |
> inhabit this space. |
| 41 |
> |
| 42 |
> |
| 43 |
> For example, you could test the vulnerability |
| 44 |
> difference between the various C libraries, |
| 45 |
> with all else being the same. Or look at vulnerability |
| 46 |
> differences between soft-float and using builds |
| 47 |
> based on hardware, just to name a few. Certainly with |
| 48 |
> a quick survey of the space, you can come up |
| 49 |
> with lots of ideas that would yield lots of |
| 50 |
> uniquely interesting information, and blaze a new path. |
| 51 |
> Gentoo on ARM is a HUGE opportunity for distinction. |
| 52 |
> |
| 53 |
> |
| 54 |
> Here are a few links for your perusal: |
| 55 |
> |
| 56 |
> http://www.gentoo.org/proj/en/base/embedded/index.xml |
| 57 |
> |
| 58 |
> http://www.gentoo.org/proj/en/base/embedded/handbook/ |
| 59 |
> |
| 60 |
> http://tinderbox.dev.gentoo.org/ |
| 61 |
> |
| 62 |
> http://slonopotamus.org/gentoo-on-n8x0 |
| 63 |
> |
| 64 |
> http://en.gentoo-wiki.com/wiki/TinyGentoo |
| 65 |
> |
| 66 |
> http://wiki.debian.org/ArmEabiPort |
| 67 |
> |
| 68 |
> http://www.codesourcery.com/sgpp/lite/arm/portal/target_arch1?@template=faq#q_gnu_linux_long_long |
| 69 |
> |
| 70 |
> http://martinwguy.co.uk/martin/tech/Maverick/ |
| 71 |
> |
| 72 |
> Just a suggestion.... |
| 73 |
> |
| 74 |
> hth, |
| 75 |
> James |
| 76 |
> |
| 77 |
> |
| 78 |
> |
| 79 |
> |
Archives