Re: Doing a security audit of Subversion.

From: Michael Sweet <mike_at_easysw.com>
Date: 2004-06-21 22:08:29 CEST

kfogel@collab.net wrote:
> I've started doing a security audit of Subversion's code. I'm not
> expert in this, but (as you probably noticed) we've had two security
> releases already, 1.0.3 and 1.0.5. It'd be nice to be ahead of the
> game for once, instead of catching up. Anyone who wants to help,
> please join me! You can post here to say what sort of inspection
> you're doing, but, for obvious reasons,
> ...

I'll add another useful method for auditing code - use valgrind
(http://valgrind.kde.org) to run svnserve. It *will* run a lot
slower than normal, but I have found it very useful for tracking down
less obvious bugs and risky use of common functions. We use it
regularly on CUPS and HTMLDOC now, and so far so good! :)

Valgrind is also good at tracking resource leaks, and can give you
some nice memory statistics if you like.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Printing Software for UNIX                       http://www.easysw.com
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Jun 21 22:09:16 2004

This message: [ Message body ]
Next message: Erik Huelsmann: "[PATCH] Refactor locale targets into separate Makefile"
Previous message: kfogel_at_collab.net: "Doing a security audit of Subversion."
In reply to: kfogel_at_collab.net: "Doing a security audit of Subversion."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]