From owner-freebsd-current Tue Nov 23 11:35:19 1999
Delivered-To: freebsd-current@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 618ED14BEE; Tue, 23 Nov 1999 11:35:17 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 284AE1CD433;
	Tue, 23 Nov 1999 11:35:16 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 23 Nov 1999 11:35:16 -0800 (PST)
From: Kris Kennaway
To: Mark Murray
Cc: current@freebsd.org
Subject: Re: FreeBSD security auditing project.
In-Reply-To: <199911231905.VAA80949@gratis.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 23 Nov 1999, Mark Murray wrote:

> 1) We need to eyeball _all_ of the code for potential security holes,
> and fix those ASAP.
>
> 2) I propose that diff(1) FreeBSD with {Open|Net}BSD, and with a
> security perspective apply those bits that look relevant and that will
> work. Who nose - we may even pick up some useful featurez!

I've been slowly trying to do some of this, and got through at least
some of bin/ so far (billf has also been doing work on this, as have
probably others). Probably this is the easiest way to get progress
towards this goal - since FreeBSD is genetically very similar to
OpenBSD, they've already fixed most of our security bugs (but not all!).

> I am prepared to provide a (semi-)automatic tool that folks can
> submit their efforts to. (Yes, this is a group effort, we all need to
> get involved and donate our Copious Free Time. All the time that is
> currently invested in flamewars would be better spent here, *hint*
> *hint*.) The tool will be web-based and will give a good idea of
> progress, so we can even turn it into a sort of competition.
>
> Here is a starter list of what we need to audit for:
>
> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.

I wonder how many instances of the potentially unsafe functions there
are in the source tree? :)

> o unsafe buffer handling (probably better handled by str*(3)??)
>
> o tmpfile races.

There is still a predictable tempfile name somewhere in binutils(?)
which gets invoked during a parallel make world (with -pipe?). Sorry I
can't remember more details, it was a while ago I found it. Running
make world -j2 with the tempwatch port active will find the file,
though.

> o unsafe use of command line or environment variables (?).
>
> o unsafe passing/exposure of sensitive data.
>
> o &c. please contribute here....

Probably a good resource would be to collect together a bunch of
papers/references describing what kinds of vulnerabilities exist, how
to exploit them, and how to avoid them (e.g. old phrack/bugtraq
articles, etc). Programmer education is the key to secure programming!
:-)

I have some 500+ commit messages in my openbsd folder which are things
I need to investigate further for relevancy. Some way of sharing these
with the group, adding/removing/vetting changes which should be looked
at would be very useful.

Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_
of two evils..

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
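The audit targets the thread lists (unbounded str*(3)/sprintf(3) into a fixed buffer, input taken straight from the environment, and predictable temp-file names) in the smallest form an auditor actually meets them, as an added example that is not code from this thread or from the FreeBSD tree. It puts the vulnerable pattern beside the bounded replacement that refuses truncated output, and a guessable /tmp name beside mkstemp(3). The function names build_rc_path_unsafe, build_rc_path and open_private_tmp, and the PATHBUF size, are assumptions chosen for illustration.

```c
/*
 * Added example, not code from the thread or from the FreeBSD tree.
 * Shows two of the audit targets above: unbounded str*(3)/sprintf(3) into
 * a fixed buffer fed from the environment, beside a bounded replacement
 * that reports truncation; and a predictable temp-file name beside
 * mkstemp(3).  Function names and PATHBUF are assumptions for illustration.
 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PATHBUF 32 /* deliberately small so the overflow case is reachable */

/*
 * BEFORE: the pattern to grep for.  strcpy/strcat/sprintf never see the
 * size of 'out', so a HOME or name longer than the free space writes past
 * the end of the buffer.  Kept only as the vulnerable form; it is never
 * called with untrusted input in this file.
 */
void build_rc_path_unsafe(char *out, const char *home, const char *name)
{
    strcpy(out, home);                         /* unbounded */
    strcat(out, "/.");                         /* unbounded */
    sprintf(out + strlen(out), "%src", name);  /* unbounded */
}

/*
 * AFTER: one snprintf(3) with the real buffer size.  snprintf returns the
 * length the full string would have had, so n >= outsz means the result
 * was truncated; a truncated path is not a usable path, so fail closed.
 * Returns 0 on success, -1 on truncation or encoding error.
 */
int build_rc_path(char *out, size_t outsz, const char *home, const char *name)
{
    int n = snprintf(out, outsz, "%s/.%src", home, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';                     /* never return a half-built path */
        return -1;
    }
    return 0;
}

/*
 * Temp-file race.  The BEFORE form builds a guessable name and then
 * open()s it, giving an attacker a window to plant a symlink at that path
 * between the two steps.  The AFTER form lets mkstemp(3) pick a random
 * suffix and create the file atomically with O_EXCL; 'path' receives the
 * name actually created.  Returns the open fd, or -1 with errno set.
 */
int open_private_tmp(char *path, size_t pathsz)
{
    /* BEFORE (do not use):
     *   snprintf(path, pathsz, "/tmp/audit.%ld", (long)getpid());
     *   return open(path, O_RDWR | O_CREAT, 0600);
     */
    if (snprintf(path, pathsz, "/tmp/audit.XXXXXX") >= (int)pathsz)
        return -1;
    int fd = mkstemp(path);                    /* atomic create, O_EXCL */
    if (fd < 0)
        return -1;
    /* older mkstemp implementations honoured umask rather than forcing 0600 */
    if (fchmod(fd, 0600) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[PATHBUF];
    const char *home = getenv("HOME");         /* environment: length untrusted */
    if (home == NULL)
        home = "/nonexistent";

    if (build_rc_path(path, sizeof path, home, "csh") == 0)
        printf("rc path: %s\n", path);
    else
        printf("rc path would not fit in %d bytes; refusing\n", PATHBUF);

    char tmp[64];
    int fd = open_private_tmp(tmp, sizeof tmp);
    if (fd >= 0) {
        printf("private temp file: %s\n", tmp);
        close(fd);
        unlink(tmp);
    } else {
        perror("mkstemp");
    }
    return 0;
}
```

The bounded form is the one to look for when diffing against OpenBSD: the fix is rarely clever, it is a size argument plus a decision about what to do on truncation, and an audit that only swaps strcpy for strncpy without checking the return value has not closed the hole. Note the unsafe form produces the same answer for every input that fits, which is exactly why it survives casual testing.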