On Wed, Jan 13, 2010 at 11:33 AM, Jon Ciesla <limb@xxxxxxxxxxxx> wrote:
> Seth Vidal wrote:
>>
>>
> Thanks, Seth. And if we don't, what's a good resource for security
> auditing n00bs?

1) Look over the change history. Don't trust the source repository but
older versions of the tar balls and see what has changed between them.

2) Look over the code for what doesn't make any sense... sometimes the
dropping of some shell code or obfuscated shell code is obvious this way.

3) What are the permissions of the programs.. setuid/setgid
programs/packages should be looked at more closely.

4) Look over what the program opens, closes, etc. fetchmail opening mail
files is probably ok.. it opening up /proc/kmem?? maybe not.

5) Work on getting a group of code auditors together in Fedora to look
these over more thoroughly.

This will find the non-clever people (who are usually 40-60% of the
people who break in and change stuff). The clever ones.. no idea.. a
complete line by line audit might uncover it.. at which point you have
rewritten the app.

-- 
Stephen J Smoogen.
Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
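The following shell script is an added example, not code posted in this thread or part of any Fedora tooling. It mechanises steps 1 through 4 of the list above for a package reviewer: diff two release tarballs rather than the repository, grep for decode-and-eval shell patterns, list setuid/setgid files, and flag references to kernel-memory device paths. The package name foo, the two release versions, the file contents and the grep heuristics are all constructed for the demonstration; the heuristics are a first pass, not a substitute for reading the code.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): a small audit helper
# following the numbered steps in the post. Package name, versions and
# file contents below are constructed fixtures, and the grep patterns are
# assumed heuristics, not an exhaustive list.

set -u

# Step 1: unpack two release tarballs and list files added, removed or
# changed between them. The tarballs are what users actually install, so
# they are compared directly instead of trusting repository history.
tarball_changes() {
    work=$(mktemp -d)
    mkdir "$work/old" "$work/new"
    tar -xzf "$1" -C "$work/old" --strip-components=1
    tar -xzf "$2" -C "$work/new" --strip-components=1
    # -rq names differing files without dumping their contents
    diff -rq "$work/old" "$work/new" | sed "s#$work/##g"
    rm -rf "$work"
}

# Step 2 (heuristic): shell that decodes a blob and hands it to eval is
# the classic shape of "code that doesn't make any sense".
suspicious_shell() {
    grep -rnE 'base64 +(-d|--decode)|eval +("?\$\(|`)' "$1" || true
}

# Step 3: setuid/setgid files deserve a closer look. Run this on the
# unpacked source tree or the installed files, not on a tarball extracted
# as an ordinary user (tar drops the setid bits there unless -p is given).
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# Step 4 (static approximation): paths a normal userland program has no
# business touching. strace on the running program gives the real list;
# this only catches literal path strings in the sources.
odd_paths() {
    grep -rnE '/proc/kcore|/dev/k?mem' "$1" || true
}

# Constructed fixture: two tiny "releases" of a fictional package foo.
# Release 1.1 gains an installer that evals a decoded blob and a setuid
# helper that reads /dev/kmem, which the checks above should surface.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/foo-1.0" "$d/foo-1.1"
    printf '#!/bin/sh\necho hello\n' > "$d/foo-1.0/foo.sh"
    cp "$d/foo-1.0/foo.sh" "$d/foo-1.1/foo.sh"
    printf '#!/bin/sh\neval "$(echo aGk= | base64 -d)"\n' > "$d/foo-1.1/install.sh"
    printf '#!/bin/sh\ncat /dev/kmem\n' > "$d/foo-1.1/helper.sh"
    chmod 4755 "$d/foo-1.1/helper.sh"
    tar -czf "$d/foo-1.0.tar.gz" -C "$d" foo-1.0
    tar -czf "$d/foo-1.1.tar.gz" -C "$d" foo-1.1
    echo "$d"
}

# Run all four checks against the fixture and print the findings.
demo() {
    d=$(make_fixture)
    echo "== changed files between releases =="
    tarball_changes "$d/foo-1.0.tar.gz" "$d/foo-1.1.tar.gz"
    echo "== decode-and-eval shell =="
    suspicious_shell "$d/foo-1.1"
    echo "== setuid/setgid files =="
    setid_files "$d/foo-1.1"
    echo "== kernel memory paths =="
    odd_paths "$d/foo-1.1"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Run it as `sh audit.sh --demo` to see the fixture's findings; for a real review, point `tarball_changes` at the previous and current upstream tarballs and the other three functions at the unpacked tree. Only the diff output is authoritative; the three grep-based checks are starting points for reading the code, and anything they miss is exactly the "clever" case the post says an automated pass will not find.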