Complete coverage in Linux security modules
Posted Oct 6, 2005 20:13 UTC (Thu) by thoffman
Parent article: Complete coverage in Linux security modules
Why are there not published regression tests which would catch this sort of thing immediately?
Surely the NSA and other SELinux developers have (or should have!) test sets which load a variety of different security modules, and then run multiple sequences of user programs which both verify that what should be allowed IS allowed, and what should not be allowed is not allowed.
It's really an embarrassment that any bug like this could be unnoticed for so long; I can't think of any excuse for it other than lack of motivation to really test the code.