Date: Fri, 08 Dec 2000 17:17:18 -0700
From: Warner Losh <imp@village.org>
To: Will Andrews <will@physics.purdue.edu>
Cc: Mike Silbersack <silby@silby.com>, freebsd-audit@FreeBSD.ORG
Subject: Re: bitchx/ircd DNS overflow demonstration (fwd)
Message-ID: <200012090017.RAA16499@harmony.village.org>
In-Reply-To: Your message of "Fri, 08 Dec 2000 19:00:04 EST." <20001208190004.S572@puck.firepipe.net>
References: <20001208190004.S572@puck.firepipe.net> <Pine.BSF.4.21.0012080032150.22989-101000@achilles.silby.com>

In message <20001208190004.S572@puck.firepipe.net> Will Andrews writes:
: On Fri, Dec 08, 2000 at 12:34:35AM -0600, Mike Silbersack wrote:
: > Since people appear to be on an auditing rampage, I thought I'd forward
: > this over to the list. It describes some DNS parsing bugs in a few ircds
: > and BitchX that seem to have serious consequences. It may be worth a look
: > into if programs in the base system have similar problems.
:
: Err, this is out of the list's charter IMO. We're only here to audit
: code in FreeBSD itself.
:
: Anyone want to clarify the charter? Actually, I don't see any charter
: anywhere..

When we created this list, we created it to coordinate a pass through
the tree making sure that the code was doing things properly.
Recently, people have been expanding its charter to include code
reviews to ensure that code going into the system will not have new
security holes (or old ones are identified).

It is squishy if this includes ports or not. It isn't precluded, nor
is it included. I'd say that we should go ahead and open it up in a
provisional manner. One of four things will happen.

1) Nothing. No action needed.
2) A small number of changes will come in and the load won't be too
   bad. People on the list can easily keep up with it and do keep up
   with it. No action needed.
3) A huge number of changes and people keep up with it. So many
   changes come in that we need a new list. Action: audit-ports.
4) No one cares enough to bother, in which case we degenerate into #1
   over time.

Warner
