From owner-freebsd-security Fri Aug 13 1:29:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id 0756D14D29 for ; Fri, 13 Aug 1999 01:29:46 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au) Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id SAA25334; Fri, 13 Aug 1999 18:29:21 +1000 (EST) From: Darren Reed Message-Id: <199908130829.SAA25334@cheops.anu.edu.au> Subject: Re: "Secure-FreeBSD" Idea To: imp@village.org (Warner Losh) Date: Fri, 13 Aug 1999 18:29:20 +1000 (EST) Cc: avalon@coombs.anu.edu.au, gill@topsecret.net, tomb@securify.com, andrewr@slack.net, freebsd-security@FreeBSD.ORG In-Reply-To: <199908130714.BAA08901@harmony.village.org> from "Warner Losh" at Aug 13, 99 01:14:44 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Warner Losh, sie said: > > In message <199908130431.OAA23238@cheops.anu.edu.au> Darren Reed writes: > : NetBSD's primarily goal is stability and portability although they seem > : to discover new security problems more often than OpenBSD people do. By > : that I mean problems which involve more than program X having a new buffer > : overflow problem. > > Are you counting the hundreds of buffer overflows that OpenBSD fixed > to begin with? I've seen many many many more buffer overflows from > OpenBSD than from NetBSD. No, but then buffer overflows don't really interest me. They're not hard to find, fix or exploit. Nor are they `new'. OpenBSD's audit didn't find the recent profil(2) bug, which the NetBSD folks did. There are many types of security problems, and those OpenBSD have been addressing, whilst essential and very worthy, have been simple to spot and solve. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message