From owner-freebsd-current Tue Nov 23 23:40:48 1999 Delivered-To: freebsd-current@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id A0B9814C8E; Tue, 23 Nov 1999 23:40:44 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA11995; Wed, 24 Nov 1999 00:39:51 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA18824; Wed, 24 Nov 1999 00:40:10 -0700 (MST) Message-Id: <199911240740.AAA18824@harmony.village.org> To: peter.jeremy@alcatel.com.au Subject: Re: FreeBSD security auditing project. Cc: "David O'Brien" , current@FreeBSD.ORG In-reply-to: Your message of "Wed, 24 Nov 1999 10:19:37 +1100." <99Nov24.101250est.40341@border.alcanet.com.au> References: <99Nov24.101250est.40341@border.alcanet.com.au> <99Nov24.075703est.40331@border.alcanet.com.au> <19991123142626.D49964@dragon.nuxi.com> Date: Wed, 24 Nov 1999 00:40:10 -0700 From: Warner Losh Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <99Nov24.101250est.40341@border.alcanet.com.au> Peter Jeremy writes: : I suspect that a 'cvs diff' of the OpenBSD code tree is the best : starting point. As a veteran of that war, I think you underestimate that task be about a few orders of magnitude. A better starting point I've found to be the ChangeLog files in the CVSROOT directory of the openbsd tree. After a while, you get a good nose for reading them to know what is important and what isn't. Once you hit a program that has had one fix, it is most productive, I've found, to integrate all the security and bug fixes things you can find in that program, and then reaudit the hell of out of it in case you introduce something bogus. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message