From owner-freebsd-security@FreeBSD.ORG  Mon Aug 11 15:33:25 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4558737B401
	for <security@freebsd.org>; Mon, 11 Aug 2003 15:33:25 -0700 (PDT)
Received: from obsecurity.dyndns.org
	(adsl-64-169-107-97.dsl.lsan03.pacbell.net [64.169.107.97])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80CC643F75
	for <security@freebsd.org>; Mon, 11 Aug 2003 15:33:24 -0700 (PDT)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id 3D69A66BE5; Mon, 11 Aug 2003 15:33:24 -0700 (PDT)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id 130877A8; Mon, 11 Aug 2003 15:33:24 -0700 (PDT)
Date: Mon, 11 Aug 2003 15:33:24 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Mike Hoskins <mike@adept.org>
Message-ID: <20030811223323.GA43868@rot13.obsecurity.org>
References: <20030811133749.U27196@fubar.adept.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="45Z9DzgjV8m4Oswq"
Content-Disposition: inline
In-Reply-To: <20030811133749.U27196@fubar.adept.org>
User-Agent: Mutt/1.4.1i
cc: security@freebsd.org
Subject: Re: realpath(3) et al
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2003 22:33:25 -0000


--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Aug 11, 2003 at 02:08:27PM -0700, Mike Hoskins wrote:

> My question is...  If enabling a 3rd-party audit for some target release
> (5.3+ I'd assume) is desirable, what would be needed money-, time- and
> other-wise?  I'm willing to invest both time and money to make this
> happen.  I'd expect such an endeavor to be tedious and expensive...  and,
> of course, it would really need to be repeated occasionally to be of real
> value.  (Probably, at least, after major version number changes.)
> However, perhaps doing an audit of the base system now would help our
> image in the security community?

Help with auditing is always welcomed.  See the freebsd-audit mailing
list.

Kris


--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE/OBmzWry0BWjoQKURAhUkAKC9LP+td0lASSNE/GkKnbM8NZ/CoQCfYC9c
JuC+knGcUSiSC9+qwOBkDHE=
=dgx+
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--