From owner-freebsd-current Tue Nov 23 14: 2:51 1999 Delivered-To: freebsd-current@freebsd.org Received: from smtp.manhattanprojects.com (smtp.manhattanprojects.com [207.181.119.22]) by hub.freebsd.org (Postfix) with ESMTP id 2FDDF14C1F; Tue, 23 Nov 1999 14:02:46 -0800 (PST) (envelope-from gerald@manhattanprojects.com) Received: from manhattanprojects.com (xs.lab.glc.com [10.0.0.14]) by smtp.manhattanprojects.com (8.9.1/8.8.7) with ESMTP id QAA20205; Tue, 23 Nov 1999 16:54:18 -0500 (EST) (envelope-from gerald@manhattanprojects.com) Message-ID: <383B0F03.70A84532@manhattanprojects.com> Date: Tue, 23 Nov 1999 17:02:43 -0500 From: Gerald Abshez X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386) MIME-Version: 1.0 To: Kris Kennaway Cc: current@FreeBSD.ORG Subject: Re: FreeBSD security auditing project. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > > Let me throw in some ideas.. > > I think it would be very useful to have a database which can track > submitted open/netbsd CVS commits (with the code diff included), > preferably mapped to the relevant file in the freebsd tree if possible > according to a path mapping table (i.e. /some/openbsd/path/file.c mapped > to /equiv/freebsd.path/file.c). Here is my 0.02: I think it would be useful to identify "unsafe" functions, so that anyone can participate in the "eyeball" portion of the game. This means that we need eyeballed, identified as a (potential) problem and fixed, as well as some other possiblities. There is a lot of code out there, and it would help if we could involve the non-programmers in the search. Comments? Gerald. -- This is your FreeBSD -- Where do YOU want to go tommorow? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message