Date:      Wed, 28 Apr 1999 09:54:39 +0930 (CST)
From:      Kris Kennaway <kkennawa@physics.adelaide.edu.au>
To:        Alfred Perlstein <bright@rush.net>
Cc:        Dan Langille <junkmale@xtra.co.nz>, Nicole Harrington <nicole@nmhtech.com>, advocacy@FreeBSD.ORG
Subject:   Re: FreeBSD Security
Message-ID:  <Pine.OSF.4.10.9904280947230.16376-100000@bragg>
In-Reply-To: <Pine.BSF.3.96.990427105150.12661B-100000@cygnus.rush.net>

On Tue, 27 Apr 1999, Alfred Perlstein wrote:

> > >                         ---------------
> > > FreeBSD:
> > > No FreeBSD security reports have been released since 11/04/1998. 
> > >                         ---------------
> > > 
> > > Not many os's could claim that.
> > 
> > Grin.  Pretty good.
> > 
> > But it brought to mind something about a CEO comparing Mac and Windows.  
> > He claimed that Mac must have lots of bugs in it because bug fixes were 
> > issued "all the time" but Windows must have no bugs because they hardly 
> > ever issue any bug fixes.
> 
> Yes but there's a difference, I'm unaware of any major FreeBSD security
> hole since the /proc hole about 2 years ago that wasn't the fault of
> a "contributed" program.

To be fair, there have been security problems since that date (including some
publicized ones). Just after 3.0-REL there was a TCP bug capable of hanging
the machine remotely, and earlier this year there was a ping bug discovered
which allowed every user to effectively ping -f. There was a sysctl problem
capable of crashing the machine fixed a month or two ago (which wasn't widely
publicized outside the PR database) - note to self, check whether this was
fixed in -STABLE as well - and there have been other kernel bugs patched over
time which were capable of crashing machines reliably as ordinary users
(there's an outstanding bug in the ATAPI code which reliably panics the
machine by recursively grepping files on a CD - probably present in -STABLE as
well since they share the same driver. I'm pretty sure there's a PR open on
this one). Most of them never made it to the "'sploit" stage and were caught
by the development process, is all.

Kris

> 
> If you want to see feature improvements and bugfixes look at 
> cvs-all@freebsd.org.
> 
> *BSD has a decade and a half of work put into it so far, what other OS
> can really say that?
> 
> -Alfred
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-advocacy" in the body of the message
> 

-----
The Feynman problem-solving algorithm: 1. Write down the problem
                                       2. Think real hard
                                       3. Write down the solution






