Date: Tue, 1 Jun 1999 08:37:28 +1200 From: "Dan Langille" <junkmale@xtra.co.nz> To: "Ilmar S. Habibulin" <ilmar@ints.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: auditors Message-ID: <19990531204003.LQOG7869945.mta1-rme@wocker> In-Reply-To: <Pine.BSF.4.05.9906010012390.36904-100000@ws-ilmar.ints.ru> References: <Pine.BSF.3.96.990531132729.15609A-100000@narcissus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Jun 99, at 0:14, Ilmar S. Habibulin wrote: > On Mon, 31 May 1999, Snob Art Genre wrote: > > > > And what about posix auditing? Robert Watson made posix.1e audit > > > implementation for freebsd. Why do not use his work? > > > > Different kind of auditing. The first is people vetting code for > > security flaws, the second is logging of system events. > Oh, i suppose i misunderstood term "auditing". You we talking about source > code auditing? Yes. And a cute extract from the URL given (http://www.FreeBSD.org/auditors.html): "Our second step will be this audit, an attempt to methodically go through every line of source in FreeBSD looking for obvious buffer overflows (sprintf()/strcpy() vs nprintf()/strncpy() and so on), less obvious security holes, instances of insufficiently defensive coding, amusing comment strings to forward to freebsd-chat, whatever we run across." I, for one, await the amusing comments. -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.FreeBSDDiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990531204003.LQOG7869945.mta1-rme>