From: "Ted Mittelstaedt"
To: "Anthony Atkielski", "Andrew C. Hornback", "FreeBSD Questions"
Subject: RE: Lockdown of FreeBSD machine directly on Net
Date: Thu, 8 Nov 2001 00:35:43 -0800
Message-ID: <005001c16830$5af4dc00$1401a8c0@tedm.placo.com>
In-Reply-To: <004001c1682e$6db1d5c0$0a00000a@atkielski.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Anthony
>Atkielski
>Sent: Thursday, November 08, 2001 12:22 AM
>To: Andrew C. Hornback; FreeBSD Questions
>Subject: Re: Lockdown of FreeBSD machine directly on Net
>
>I'm saying that either it will succeed, or it won't, but this will not change
>over the lifetime of the product. A hole that is not originally present in the
>code will not magically appear at some later date.

Not necessarily, because a lot of UNIX programs use shared libraries. The code for the specific UNIX app may not change but if the library code does it can create a hole that didn't exist before.

For example an early version of the library that has docs that are silent on the issue of bounds checking, may indeed do bounds checking on parameters passed to a function but this may be found to cause problems so later on it's removed. The original application developer knew about the bounds checking so didn't include it in his application, so when the app was built it had no hole. Later on the library code is changed, creating a hole in the application.

This is especially common on ports. There's lots of apps that have been ported to FreeBSD that the port maintainer discovered bugs in the memory handling, these bugs didn't exist on other platforms because those platforms' compilers correct freeing problems silently, behind the scenes.

Ted Mittelstaedt                                tedm@toybox.placo.com
Author of:                The FreeBSD Corporate Networker's Guide
Book website:             http://www.freebsd-corp-net-guide.com
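
The scenario in the message above, as an added example that is not part of the original e-mail: an unchanged application becomes exploitable when a library drops an undocumented bounds check, and the same application is safe once it validates its own input. The library functions, record layout and input are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: name field and admin flag share one flat 16-byte
   object, so the overrun stays inside the object and is well-defined C. */
enum { NAME_CAP = 8, ADMIN_OFF = 8, REC_SIZE = 16 };
typedef struct { unsigned char bytes[REC_SIZE]; } record;

/* Hypothetical library v1: bounds check that the docs never mention. */
static int lib_set_name_v1(record *r, const char *s) {
    size_t n = strlen(s) + 1;
    if (n > NAME_CAP) return -1;
    memcpy(r->bytes, s, n);
    return 0;
}

/* Hypothetical library v2: same signature, check removed. The copy is capped
   at REC_SIZE only to keep this demo defined; a real library would not be. */
static int lib_set_name_v2(record *r, const char *s) {
    size_t n = strlen(s) + 1;
    memcpy(r->bytes, s, n > REC_SIZE ? REC_SIZE : n);
    return 0;
}

typedef int (*set_name_fn)(record *, const char *);

/* Application as first written: relies on the library's check.
   Returns 1 if the admin flag next to the name was overwritten. */
static int app_store(set_name_fn lib, const char *input) {
    record r;
    memset(&r, 0, sizeof r);
    lib(&r, input);
    return r.bytes[ADMIN_OFF] != 0;
}

/* Hardened application: validates length itself, so the result no longer
   depends on which library version is loaded. Returns -1 on rejection. */
static int app_store_checked(set_name_fn lib, const char *input) {
    if (strlen(input) + 1 > NAME_CAP) return -1;
    return app_store(lib, input);
}

int main(void) {
    const char *input = "AAAAAAAAAAAA"; /* constructed 12-byte input */
    printf("v1 unchecked app: %d\n", app_store(lib_set_name_v1, input));
    printf("v2 unchecked app: %d\n", app_store(lib_set_name_v2, input));
    printf("v2 checked app:   %d\n", app_store_checked(lib_set_name_v2, input));
    return 0;
}
```

The application source is identical in the first two calls; only the library behind the function pointer changes, which is the situation a shared-library upgrade creates for an already-built binary.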