Date: Sat, 14 Sep 2013 10:40:54 +0800
From: Julian Elischer <julian@freebsd.org>
To: John Baldwin <jhb@freebsd.org>
Cc: Gary Palmer <gpalmer@freebsd.org>, freebsd-security@freebsd.org, John-Mark Gurney <jmg@funkthat.com>, Jonathon Wright <jonathon.s.wright@gmail.com>
Subject: Re: FreeBSD Transient Memory problem?
Message-ID: <5233CCB6.9010205@freebsd.org>
In-Reply-To: <201309131703.40685.jhb@freebsd.org>
References: <CAGX1DMbQP=TggYQm-3hra0Od3gjgz5xQ8bEMMrueuhL6kuZMUA@mail.gmail.com> <20130913164718.GC33898@in-addr.com> <CAGX1DMZnk4vBxF-KTO5Zvdu3ZwaA3QVbyB%2BThagWed5i0OWSdg@mail.gmail.com> <201309131703.40685.jhb@freebsd.org>
On 9/14/13 5:03 AM, John Baldwin wrote:
> On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
>> Well stated Gary.
>>
>> I need to divulge more information it appears. The reason I'm unable to
>> effectively fight the semantic game, and not pay the auditors, etc. etc. is
>> because the auditors are the DoD. We work for a private company that's
>> contracted out to provide services to the DoD. But we still have to pass
>> their inspections. As you all know, the DoD does not exactly see things in
>> anything but black and white.
>>
>> So yes, my management is freaked out because the DoD auditors (paid for by
>> the DoD btw) are finding issues that we have to resolve to keep the
>> contract going. That's why my hands are tied. I'll give them credit though,
>> they are allowing me to demonstrate FreeBSD's capability in this manner by
>> providing documentation since FreeBSD does not have the cert. That's the
>> first non-black and white auditor check I've seen in years.
>>
>> We have lots of time and efforts invested in our architecture which is
>> based on FreeBSD and that's why we're fighting to keep it, hence the start
>> of this post.
>>
>> Thanks again for all the insights, I'll keep ya up to date. We have another
>> month or so to work this, so we're still formulating an initial response.
> I think the sensible thing they are looking for is that new pages don't leak
> data between processes, not anything to do with malloc zeroing, etc. FreeBSD
> definitely does do this. However, the "right" answer is probably that you
> will have to pay to have the version of FreeBSD you are currently using
> audited.

This will probably be a lot cheaper than changing to Linux at this point.