OTR and general security stuff
Jurre van Bergen
drwhax at 2600nl.net
Wed Feb 13 10:46:46 EST 2013
Hi,
I've been auditing various parts of Pidgin[1]. I'm working with some
fellow hackers to audit various parts of the libpurple and Pidgin code.
I found some potentially sketchy code, and I hope to email the security
team soon with a write-up. Also, I plan to keep doing this for a while.
I plan on:
* Auditing the codebase.
* Writing some fuzzers and looking at what ASan/TSan/MSan think of it.
* Getting a better SSL implementation going (NSS/GnuTLS in a pluggable
way) [2]
* Sandbox integration for the Linux platform. Think libvirt-sandbox or seccomp?
I was thinking, perhaps it's interesting for the Pidgin project to have
a few or one student(s) working this summer (GSOC) on "securing"
Pidgin/LibPurple?
All the best,
Jurre
[1] http://hg.pidgin.im/pidgin/main/rev/66dc0da8257b
[2] https://developer.pidgin.im/ticket/15515
--
Give a man a fish and you feed him for a day; teach a man to fish and you feed him for life.
http://jurrevanbergen.nl/