Date: Fri, 19 Feb 2016 11:07:03 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: PVS-Studio Analyzer Spots 40 Bugs In the FreeBSD Kernel

In light of recently found kernel anomalies[1][2] and considering the FBI's reckless effort to force Apple to build an iPhone backdoor[3] it would only be prudent to consider the risk of less transparent efforts by our three and four letter agencies (and NGOs) targeting our FOSS.

Towards that goal I'm wondering if FreeBSD base has ever been analyzed for patterns of suspicious commits[4]?

Roger Marquis

Refs.
[1] http://www.viva64.com/en/b/0377/
[2] http://tech.slashdot.org/story/16/02/19/001202/pvs-studio-analyzer-spots-40-bugs-in-the-freebsd-kernel
[3] http://www.apple.com/customer-letter/
[4] http://blogs.marketwatch.com/thetell/2014/04/11/heartbleed-bug-was-introduced-seconds-before-new-years-day-2012/