I've almost finished the first draft of the 'Source Code Auditing HOWTO', modelled upon the documentation already available in the Linux Documentation Project.
I'll be posting this in livejournal shellcode community in a day or two for comment.
Wargames
I've also put together a challenging wargame on a spare machine.
A user signs up for an account and recieves the password for the account 'level1' on my box.
Once they login a message is displayed, and they must exploit the '~/bin/level2' binary which is setuid(level2), this will enable them to read the password to level2, where the process repeats itself.
So far I have four levels put together of gradually increasing complexity.
I still have a couple of things to do, then we'll go live with some local people.
I'm not sure the box is restricted enough to open it to the world, although I'm looking forward to reading the syslog and captured information.