Date:      Mon, 11 Aug 2003 23:11:46 +0200
From:      "Devon H. O'Dell" <dodell@sitetronics.com>
To:        "'Mike Hoskins'" <mike@adept.org>, <security@freebsd.org>
Subject:   RE: realpath(3) et al
Message-ID:  <000501c3604d$314639a0$9f8d2ed5@internal>
In-Reply-To: <20030811133749.U27196@fubar.adept.org>

I don't have jewels flowing out of my pockets, so to speak, but I'd be
interested in contributing time/money in this sort of endeavor as well. I'm
tired of people not taking the stability and security very seriously.

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Mike Hoskins
> Sent: Monday, August 11, 2003 11:08 PM
> To: security@freebsd.org
> Subject: realpath(3) et al
>
>
> First, I hope that this message is not considered flame bait.  As someone
> who has used FreeBSD for 5+ years now, I have a genuine interest in
> the integrity of our source code.
>
> Second, I hope that this message is not taken as any form of insult or
> finger pointing.  Software without bugs does not exist, and I think we all
> know that.  Acknowledging that point and working to mitigate the risks
> associated with it would seem to be our only real option.
>
> That said, every time something like the recent realpath(3) issue comes
> to light, I find myself asking why I haven't at least tried to do more to
> review our source code or (more desirable) enable 3rd-party audits.
>
> My question is...  If enabling a 3rd-party audit for some target release
> (5.3+ I'd assume) is desirable, what would be needed money-, time- and
> other-wise?  I'm willing to invest both time and money to make this
> happen.  I'd expect such an endeavor to be tedious and expensive...  and,
> of course, it would really need to be repeated occasionally to be of real
> value.  (Probably, at least, after major version number changes.)
> However, perhaps doing an audit of the base system now would help our
> image in the security community?
>
> All I know is, despite occasional arguments and rants, I like FreeBSD.
> As long as it exists, I plan to have it installed...  So it is in my best
> interest to help in any way I can.  I know projects like secure/trustedBSD
> exist, but I am really looking for ways to promote the trust of the base
> system more than specialized projects/branches.
>
> Thoughts?
>
> -mrh
>
> --
> From: "Spam Catcher" <spam-catcher@adept.org>
> To: spam-catcher@adept.org
> Do NOT send email to the address listed above or
> you will be added to a blacklist!
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe@freebsd.org"


