Date: Thu, 9 Dec 1999 16:13:03 -0500 (EST)
From: Kelly Yancey <kbyanc@posi.net>
To: "Ilmar S. Habibulin" <ilmar@ints.ru>
Cc: freebsd-audit@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: question to auditors
Message-ID: <Pine.BSF.4.05.9912091611370.23589-100000@kronos.alcnet.com>
In-Reply-To: <Pine.BSF.4.21.9912092257170.317-100000@ws-ilmar.ints.ru>

On Thu, 9 Dec 1999, Ilmar S. Habibulin wrote:

>
> I'm wondering what do you guys search in the sources. I know that there
> are some functions like gets(), which don't check bounds of arrays, and
> possible problems with setuid/setgid bits. So I have some questions like:
>
> - what is the full list of risky functions
> - what else could be a threat to security, integrity or functionality of
>   some application
> - or where can I find full answers to my maybe stupid questions
>

  Well, I'm working on a web site where such information will be located
(along with the audit progress itself). Unfortunately, the holidays are
slowing development :(

  Kelly

--
Kelly Yancey  -  kbyanc@posi.net  -  Richmond, VA
Director of Technical Services, ALC Communications  http://www.alcnet.com/
Maintainer, BSD Driver Database       http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD        http://www.posi.net/freebsd/Team-FreeBSD/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message