Date: Wed, 24 Nov 1999 08:43:21 +0000 (GMT)
From: Doug Rabson
To: "David O'Brien"
Cc: Mark Murray, Kris Kennaway, current@freebsd.org
Subject: Re: FreeBSD security auditing project.
In-Reply-To: <19991123140303.B49964@dragon.nuxi.com>

On Tue, 23 Nov 1999, David O'Brien wrote:

> > So when Joe Blow clicks on (say) src->bin->cat he'll find that
> > (say) markm eyeballed the code and kris diffed it with OpenBSD
> > and merged in fixes - "cat now considered safe".
>
> Until the next commit to cat.
>
> A security review is never done. We need to be in a mode where every
> commit is suspect and people are compelled to review it. BDE's use of
> CTM to review changes is actually rather effective in this regard.

We need to put audit tags into the source tree when a file is audited.
That allows the diffs to be audited later, which should be a smaller job,
and then the audit tag slides forward.

--
Doug Rabson                Mail:  dfr@nlsystems.com
Nonlinear Systems Ltd.     Phone: +44 181 442 9037