Date: Mon, 11 Aug 2003 14:45:35 -0700 From: "Wlodek" <wwk761@telus.net> To: <security@freebsd.org> Cc: dodell@sitetronics.com Subject: Re: realpath(3) et al Message-ID: <000501c36051$e7149890$e901a8c0@BRZMI> References: <000501c3604d$314639a0$9f8d2ed5@internal>
next in thread | previous in thread | raw e-mail | index | archive | help
count me in as well /r/ wlodek ----- Original Message ----- From: "Devon H. O'Dell" <dodell@sitetronics.com> To: "'Mike Hoskins'" <mike@adept.org>; <security@freebsd.org> Sent: Monday, August 11, 2003 2:11 PM Subject: RE: realpath(3) et al I don't have jewels flowing out of my pockets, so to speak, but I'd be interested in contributing time/money in this sort of endeavor as well. I'm tired of people not taking the stability and security very seriously. Kind regards, Devon H. O'Dell Systems and Network Engineer Simpli, Inc. Web Hosting http://www.simpli.biz > -----Oorspronkelijk bericht----- > Van: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- > security@freebsd.org] Namens Mike Hoskins > Verzonden: Monday, August 11, 2003 11:08 PM > Aan: security@freebsd.org > Onderwerp: realpath(3) et al > > > First, I hope that this message is not considered flame bait. As someone > who has used FreeBSD for for 5+ years now, I have a genuine interest in > the integrity of our source code. > > Second, I hope that this message is not taken as any form of insult or > finger pointing. Software without bugs does not exist, and I think we all > know that. Acknowledging that point and working to mitigate the risks > associated with it would seem to be our only real option. > > That said, every time something like the recent realpath(3) issue comes > to light, I find myself asking why I haven't at least tried to do more to > review our source code or (more desirable) enable 3rd-party audits. > > My question is... If enabling a 3rd-party audit for some target release > (5.3+ I'd assume) is desirable, what would be needed money-, time- and > other-wise? I'm willing to invest both time and money to make this > happen. I'd expect such an endeavor to be tedious and expensive... and, > of course, it would really need to be repeated occasionally to be of real > value. (Probably, at least, after major version number changes.) > However, perhaps doing an audit of the base system now would help our > image in the security community? > > All I know is, despite occasional arguments and rants, I like FreeBSD. > As long as it exists, I plan to have it installed... So it is in my best > interest to help in any way I can. I know projects like secure/trustedBSD > exist, but I am really looking for ways to promote the trust of the base > system more than specialized projects/branches. > > Thoughts? > > -mrh > > -- > From: "Spam Catcher" <spam-catcher@adept.org> > To: spam-catcher@adept.org > Do NOT send email to the address listed above or > you will be added to a blacklist! > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security- > unsubscribe@freebsd.org" _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000501c36051$e7149890$e901a8c0>