Date:      Thu, 19 Jul 2001 21:03:33 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        David O'Brien <obrien@FreeBSD.ORG>
Cc:        Kris Kennaway <kris@obsecurity.org>, Mike Heffner <mheffner@vt.edu>, arch@FreeBSD.ORG
Subject:   Re: Importing lukemftpd
Message-ID:  <20010719210332.A78418@xor.obsecurity.org>
In-Reply-To: <20010719203700.B94074@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 08:37:00PM -0700
References:  <XFMail.20010716212454.mheffner@novacoxmail.com> <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com>

On Thu, Jul 19, 2001 at 08:37:00PM -0700, David O'Brien wrote:
> On Thu, Jul 19, 2001 at 12:30:16PM -0700, Kris Kennaway wrote:
> > > Are you now holding all daemon hostage?  I think you're being too strong
> > > on this statement.  If this is going to be the case, please document that
> > > from now on daemon changes (or new ones) must be pre-approved by the S.O.
> >
> > You're being facetious.
>
> A little.  But I do find that your power play seems to be arbitrarily
> applied to LukeM ftpd.

There haven't been any other cases of similar impact recently for me
to stand up and do my thing over.  If someone wanted to -- say --
commit a replacement IPv4 stack which had been rewritten from scratch,
or a rewritten inetd, etc, then I'd be saying the exact same thing.

I can't afford to yell and scream about the potential insecurity of
every change made to FreeBSD, even though almost every commit includes
the possibility to introduce insecurity, because people wouldn't stand
for it (and rightly so), so I have to pick my battles and limit it to
cases where I perceive the risk to be great enough.  For example, that
includes yelling at committers when they make a "risky" commit
(i.e. to a security-critical area of the tree) which wasn't reviewed,
because of the large number of times such commits have turned around
and bitten us a few months later (causing sometimes dozens of
person-hours of work for the security team to clean up).

> > I can't give you a commitment, but this is going to be my top priority
> > to request once we figure out this funding thing.  It will get done.
>
> What does funding have to do with anything?  All the auditing done so far
> wasn't funded.  If you asked your auditing contacts to spend time on
> this, I think they most likely would.  I fail to see why you will not
> make a commitment.  I have committed to GCC 3.0 in 5.0.  I know the work
> that will take, but I have done it anyway.  JHB has committed to proc
> locking for 5.0.  There are numerous people that have committed to
> getting X done for 5.0.

You and John are being paid to work full-time on FreeBSD, and the
projects you mentioned are projects you do during your >8 hours a day
of paid FreeBSD hacking time.  If you were working on these in your
own time, say from 10pm at night after a hard day at work, I think
you'd be much less firm about your ability to complete the project
according to a deadline.

Auditing of a non-trivial application is time-consuming and difficult.
The kinds of bugs I expect might be found in something like ftpd are
not the trivial ones involving misuse of sprintf(), but the deeply
embedded ones which rely on interactions between several different
parts of the code.  That requires someone to sit down for a week and
really become intimate with the code, which isn't something that most
people can do in their spare time for an hour or two here and there
(which is why no-one's done this so far).  If someone is being paid to
do the work as part of their day job, they have the ability to do
this.

Kris
