From: "Devon H. O'Dell"
To: "'Mike Hoskins'"
Date: Mon, 11 Aug 2003 23:11:46 +0200
Organization: SiteTronics
Subject: RE: realpath(3) et al

I don't have jewels flowing out of my pockets, so to speak, but I'd be interested in contributing time/money in this sort of endeavor as well. I'm tired of people not taking the stability and security very seriously.

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc.
Web Hosting http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Mike Hoskins
> Sent: Monday, August 11, 2003 11:08 PM
> To: security@freebsd.org
> Subject: realpath(3) et al
>
> First, I hope that this message is not considered flame bait. As someone
> who has used FreeBSD for 5+ years now, I have a genuine interest in
> the integrity of our source code.
>
> Second, I hope that this message is not taken as any form of insult or
> finger pointing. Software without bugs does not exist, and I think we all
> know that. Acknowledging that point and working to mitigate the risks
> associated with it would seem to be our only real option.
>
> That said, every time something like the recent realpath(3) issue comes
> to light, I find myself asking why I haven't at least tried to do more to
> review our source code or (more desirable) enable 3rd-party audits.
>
> My question is... If enabling a 3rd-party audit for some target release
> (5.3+ I'd assume) is desirable, what would be needed money-, time- and
> other-wise? I'm willing to invest both time and money to make this
> happen. I'd expect such an endeavor to be tedious and expensive... and,
> of course, it would really need to be repeated occasionally to be of real
> value. (Probably, at least, after major version number changes.)
> However, perhaps doing an audit of the base system now would help our
> image in the security community?
>
> All I know is, despite occasional arguments and rants, I like FreeBSD.
> As long as it exists, I plan to have it installed... So it is in my best
> interest to help in any way I can. I know projects like secure/trustedBSD
> exist, but I am really looking for ways to promote the trust of the base
> system more than specialized projects/branches.
>
> Thoughts?
>
> -mrh