From owner-freebsd-security Fri Aug 13 8: 9:37 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1659914BF3 for ; Fri, 13 Aug 1999 08:09:24 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id JAA27250; Fri, 13 Aug 1999 09:07:27 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id JAA10483; Fri, 13 Aug 1999 09:07:28 -0600 (MDT) Message-Id: <199908131507.JAA10483@harmony.village.org> To: Darren Reed Subject: Re: "Secure-FreeBSD" Idea Cc: gill@topsecret.net, tomb@securify.com, andrewr@slack.net, freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Fri, 13 Aug 1999 18:29:20 +1000." <199908130829.SAA25334@cheops.anu.edu.au> References: <199908130829.SAA25334@cheops.anu.edu.au> Date: Fri, 13 Aug 1999 09:07:28 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199908130829.SAA25334@cheops.anu.edu.au> Darren Reed writes: : No, but then buffer overflows don't really interest me. They're not hard : to find, fix or exploit. Nor are they `new'. OpenBSD's audit didn't find : the recent profil(2) bug, which the NetBSD folks did. There are many other examples that the folks working on OpenBSD have done. Randomizing things (pids, socket endpoints, tcp and IP sequences, etc), killing races, etc are all things that were implemented early on in OpenBSD and the other BSDs have played catchup. NetBSD has also found some interesting problems, but to characterize the number and type of them as much greater than OpenBSD is disengenuous. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message