Date: Wed, 1 Dec 1999 01:04:56 -0500 From: matt@csis.gvsu.edu To: freebsd-audit@freebsd.org Subject: [matt@: Re: Time to redirect! (Was: Re: Topics for -security vs. topics for -audit)] Message-ID: <19991201010456.A47649@badmofo>
next in thread | raw e-mail | index | archive | help
Oops! Forgot to cc -audit and include a "resume". My "resume" is pretty limited, I've had about 5 years C experience and 1 year studying secure programming techniques. I suppose I don't have any specific "strengths", but I'm willing to help out in any way possible! I'll be available in roughly 2 weeks (after exams). > So far, the results (c|sh)ould be: > 1) Code examined by <auditor> and deemed > [SNIP] Definately, the first targets should be S[UG]ID programs and network daemons. > c) to have adopted (where appropriate) such fixes/features > offered by our sister BSD's. I see that OpenBSD's strlcpy() and strlcat() are integrated in 3.3, but they don't seem to used at all (at least on -STABLE). Perhaps it's even worth the effort to audit some of the more popular ports? I assume the target will be -CURRENT? -- http://www.csis.gvsu.edu/matt 03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F Try to understand everything, but believe nothing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991201010456.A47649>