From owner-freebsd-security Thu Dec 9 13:13:19 1999
Date: Thu, 9 Dec 1999 16:13:03 -0500 (EST)
From: Kelly Yancey <kbyanc@posi.net>
To: "Ilmar S. Habibulin"
Cc: freebsd-audit@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: question to auditors

On Thu, 9 Dec 1999, Ilmar S. Habibulin wrote:

> I'm wondering what you guys search for in the sources. I know that there
> are some functions like gets(), which don't check the bounds of arrays, and
> possible problems with setuid/setgid bits. So I have some questions like:
>
> - what is the full list of risky functions
> - what else could be a threat to the security, integrity or functionality of
>   some application
> - or where can I find full answers to my maybe stupid questions
>

Well, I'm working on a web site where such information will be located
(along with the audit progress itself). Unfortunately, the holidays are
slowing development :(

Kelly

--
Kelly Yancey - kbyanc@posi.net - Richmond, VA
Director of Technical Services, ALC Communications  http://www.alcnet.com/
Maintainer, BSD Driver Database                     http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD                           http://www.posi.net/freebsd/Team-FreeBSD/
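As an added illustration of the gets() point raised above (example code, not from the thread or the FreeBSD audit project): a bounded replacement for gets() that also handles the case a plain fgets() swap leaves behind, an input line longer than the buffer. read_line(), count_truncated_lines() and the sample input are constructed for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#endif
#include <stdio.h>
#include <string.h>

/* Return codes for read_line(). */
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TRUNCATED = -2 };

/*
 * Bounded replacement for gets(). gets() takes no size, so a line longer
 * than the destination overwrites whatever follows it in memory. fgets()
 * stops after bufsz-1 bytes but silently leaves the rest of the line in
 * the stream; this helper strips the newline, drains any leftover bytes so
 * the next call starts on the next line, and reports the truncation.
 */
int read_line(FILE *fp, char *buf, size_t bufsz)
{
    if (bufsz == 0 || fgets(buf, (int)bufsz, fp) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline: either EOF ended the line, or the line did not fit. */
    int c = fgetc(fp);
    if (c == EOF)
        return LINE_OK;
    while (c != '\n' && c != EOF)      /* discard the over-long remainder */
        c = fgetc(fp);
    return LINE_TRUNCATED;
}

/* Constructed sample: a short line, one longer than the 8-byte buffer, and
 * a final line with no trailing newline. */
static const char sample_input[] = "hello\n0123456789ABCDEF\nbye";

/* Reads every line of the sample and returns how many were truncated. */
int count_truncated_lines(void)
{
    FILE *fp = fmemopen((void *)sample_input, sizeof sample_input - 1, "r");
    char buf[8];
    int rc, truncated = 0;
    if (fp == NULL)
        return -1;
    while ((rc = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        if (rc == LINE_TRUNCATED)
            truncated++;
    fclose(fp);
    return truncated;   /* 1 */
}
```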