Date:      Fri, 13 Sep 2013 17:03:40 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-security@freebsd.org
Cc:        Gary Palmer <gpalmer@freebsd.org>, Jonathon Wright <jonathon.s.wright@gmail.com>, John-Mark Gurney <jmg@funkthat.com>, Julian Elischer <julian@freebsd.org>
Subject:   Re: FreeBSD Transient Memory problem?
Message-ID:  <201309131703.40685.jhb@freebsd.org>
In-Reply-To: <CAGX1DMZnk4vBxF-KTO5Zvdu3ZwaA3QVbyB%2BThagWed5i0OWSdg@mail.gmail.com>
References:  <CAGX1DMbQP=TggYQm-3hra0Od3gjgz5xQ8bEMMrueuhL6kuZMUA@mail.gmail.com> <20130913164718.GC33898@in-addr.com> <CAGX1DMZnk4vBxF-KTO5Zvdu3ZwaA3QVbyB%2BThagWed5i0OWSdg@mail.gmail.com>

On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
> Well stated Gary.
> 
> I need to divulge more information it appears. The reason I'm unable to
> effectively fight the semantic game, and not pay the auditors, etc. etc. is
> because the auditors are the DoD. We work for a private company that's
> contracted out to provide services to the DoD. But we still have to pass
> their inspections. As you all know, the DoD does not exactly see things in
> anything but black and white.
> 
> So yes, my management is freaked out because the DoD auditors (paid for by
> the DoD btw) are finding issues that we have to resolve to keep the
> contract going. That's why my hands are tied. I'll give them credit though,
> they are allowing me to demonstrate FreeBSD's capability in this manner by
> providing documentation since FreeBSD does not have the cert. That's the
> first non-black and white auditor check I've seen in years.
> 
> We have lots of time and efforts invested in our architecture which is
> based on FreeBSD and that's why we're fighting to keep it, hence the start
> of this post.
> 
> Thanks again for all the insights, I'll keep ya up to date. We have another
> month or so to work this, so we're still formulating an initial response.

I think the sensible thing they are looking for is that new pages don't leak
data between processes, not anything to do with malloc zeroing, etc.  FreeBSD
definitely does do this.  However, the "right" answer is probably that you
will have to pay to have the version of FreeBSD you are currently using 
audited.

-- 
John Baldwin
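
An added example, not part of the original message or of FreeBSD's sources: a small C check of the property discussed above, that anonymous pages newly handed out by the kernel arrive zero-filled even after earlier pages were dirtied and released. The function name `fresh_pages_are_zero` and the 0xA5 marker are assumptions made for illustration; the check runs inside one process, so a passing result is supporting evidence for documentation, not a substitute for an audit.

```c
#define _DEFAULT_SOURCE            /* expose MAP_ANON on glibc */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
#define MAP_ANON MAP_ANONYMOUS
#endif

/* Return 1 if every byte in buf[0..len) is zero, 0 otherwise. */
static int all_zero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

/*
 * Map npages anonymous pages, verify they are zero-filled, overwrite them
 * with a marker, unmap, and repeat. Later rounds are the ones most likely
 * to receive recycled physical pages.
 * Returns 1 if every mapping was zero, 0 if stale data was seen,
 * -1 on bad arguments or mmap failure.
 */
int fresh_pages_are_zero(size_t npages, int rounds)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0 || npages == 0 || rounds <= 0)
        return -1;
    size_t len = npages * (size_t)psz;

    for (int r = 0; r < rounds; r++) {
        unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANON, -1, 0);
        if (p == MAP_FAILED)
            return -1;
        int clean = all_zero(p, len);   /* inspect before first write */
        memset(p, 0xA5, len);           /* dirty the pages (marker is arbitrary) */
        munmap(p, len);                 /* give them back to the kernel */
        if (!clean)
            return 0;
    }
    return 1;
}

int main(void)
{
    int rc = fresh_pages_are_zero(256, 8);
    printf("fresh anonymous pages zero-filled: %s\n",
           rc == 1 ? "yes" : rc == 0 ? "NO (stale data seen)" : "mmap failed");
    return rc == 1 ? 0 : 1;
}
```

This exercises only kernel-supplied pages; memory recycled by `malloc` inside a single process is a separate question, which is the distinction the message draws.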


