Date:      Tue, 23 Nov 1999 18:21:17 -0500 (EST)
From:      mwlucas@gltg.com
To:        kris@hub.freebsd.org (Kris Kennaway)
Cc:        current@freebsd.org
Subject:   Re: FreeBSD security auditing project.
Message-ID:  <199911232321.SAA03005@blackhelicopters.org>
In-Reply-To: <Pine.BSF.4.21.9911231407200.46173-100000@hub.freebsd.org> from Kris Kennaway at "Nov 23, 1999  2: 8:31 pm"

> > Here is my 0.02:
> > 
> > I think it would be useful to identify "unsafe" functions, so that
> > anyone can participate in the "eyeball" portion of the game. This means
> > that we need eyeballed, identified as a (potential) problem and fixed,
> > as well as some other possibilities. There is a lot of code out there,
> > and it would help if we could involve the non-programmers in the search.
> > 
> > Comments?
> 
> Yep, this is part of the "education" component: "this is what an unsafe
> function call looks like, and this is how to fix it". There's bound to be
> enough useful documentation out there which we can collect and point to.

Speaking as a beginning programmer, longtime FreeBSD user:

Given the above, I would be happy to contribute eyeballs.  As a
network engineer, I spend a lot of time alone with my laptop.

Might I suggest a set of instructions along the lines of:

a) This is what an unsafe function call looks like
b) This is a typical workaround for unsafe call X, Y, Z
c) Pick a chunk of code.  Begin looking for these calls.
d) when you find one of these calls
	1) Apply the workaround
	2) Make sure the program still compiles
	3) submit patch to security-audit-coordinator@freebsd.org
e) Repeat until intimately familiar with BSD

In fact, I'll go further: If someone can point out a reliable resource
on the Net for a) and b), I'll be happy to write up a first draft of
"The FreeBSD Security Audit for Beginners".  I'm sure that any number
of programmers out there would be happy to review it for technical
accuracy before putting it into circulation.

After all, FreeBSD articles are covering Christmas this year.  I
suppose the least I can do is write something for you folks for free.
;)

==ml
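The steps a) through d) in the message above, worked through in C as an added example (this is not code from the message, from the thread or from the FreeBSD tree). It assumes that the "unsafe function calls" the thread has in mind are the classic unbounded C string routines (strcpy, strcat, sprintf, gets); the buffer size, function names and sample source lines are constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: the audit targets the unbounded C string
 * routines. NAME_SZ is a constructed fixed-size destination buffer, the
 * kind of thing the "eyeball" pass is looking for next to such a call. */
#define NAME_SZ 16

/* a) What an unsafe call looks like: strcpy stops only at the NUL byte in
 * src, so any src of NAME_SZ bytes or longer writes past the end of dst. */
void unsafe_set_name(char dst[NAME_SZ], const char *src)
{
    strcpy(dst, src);                 /* no bound on the copy at all */
}

/* b) A typical workaround: bound the copy by the destination size and
 * refuse input that does not fit rather than truncating it silently.
 * Returns 0 on success, -1 if src is too long for dst. Written without
 * strlcpy/strnlen so it compiles on any C compiler. */
int safe_set_name(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dstsz == 0)
        return -1;
    for (n = 0; n < dstsz && src[n] != '\0'; n++)   /* never reads past dstsz */
        ;
    if (n == dstsz)
        return -1;                    /* no room left for the terminating NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* c) Help for the "pick a chunk of code and look" step: flag a source line
 * that calls one of the routines on the list. Returns the matched name or
 * NULL. A textual hit is a lead for a human to check, not proof of a bug;
 * bounded relatives (strncpy, strlcpy, snprintf) are deliberately not hit. */
static const char *const unsafe_names[] = { "gets", "strcpy", "strcat", "sprintf" };

static int ident_char(char c)
{
    return isalnum((unsigned char)c) || c == '_';
}

const char *flag_unsafe_call(const char *line)
{
    size_t i;

    for (i = 0; i < sizeof unsafe_names / sizeof unsafe_names[0]; i++) {
        const char *name = unsafe_names[i];
        size_t len = strlen(name);
        const char *p = line;

        while ((p = strstr(p, name)) != NULL) {
            /* must be a whole identifier followed by '(' to count as a call */
            int word_start = (p == line) || !ident_char(p[-1]);
            const char *q = p + len;

            while (*q == ' ' || *q == '\t')
                q++;
            if (word_start && *q == '(')
                return name;
            p += len;
        }
    }
    return NULL;
}

int main(void)
{
    /* constructed sample source lines, as an auditor might see them */
    const char *lines[] = {
        "    strcpy(buf, argv[1]);",
        "    strlcpy(buf, argv[1], sizeof buf);",
        "    snprintf(buf, sizeof buf, \"%s\", user);",
        "\tsprintf (msg, fmt, x);",
    };
    char name[NAME_SZ];
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        const char *hit = flag_unsafe_call(lines[i]);
        printf("%-45s -> %s\n", lines[i], hit ? hit : "ok");
    }
    /* d) the workaround in use: short input copies as before, over-long
     * input is rejected instead of overflowing the buffer */
    printf("short: %d\n", safe_set_name(name, sizeof name, "kris"));
    printf("long:  %d\n", safe_set_name(name, sizeof name, "sixteen_chars_!!"));
    return 0;
}
```

The scanner is the grep-with-a-little-care that a non-programmer can run over a chunk of code; every hit still needs a human to decide whether the destination is really fixed-size and whether the source is really attacker-influenced before the workaround is applied and the patch sent in.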