From owner-freebsd-audit Tue Nov 30 22: 5:23 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from turing.csis.gvsu.edu (turing.csis.gvsu.edu [148.61.162.181])
	by hub.freebsd.org (Postfix) with SMTP id 775A214C56
	for ; Tue, 30 Nov 1999 22:05:20 -0800 (PST)
	(envelope-from matt@csis.gvsu.edu)
Received: (qmail 834 invoked by uid 0); 1 Dec 1999 06:05:19 -0000
Received: from pm493-26.dialip.mich.net (HELO 198.110.188.228) (198.110.188.228)
	by csis.gvsu.edu with SMTP; 1 Dec 1999 06:05:19 -0000
Received: (qmail 65618 invoked by uid 500); 1 Dec 1999 06:04:56 -0000
From: matt@csis.gvsu.edu
Date: Wed, 1 Dec 1999 01:04:56 -0500
To: freebsd-audit@freebsd.org
Subject: [matt@: Re: Time to redirect! (Was: Re: Topics for -security vs. topics for -audit)]
Message-ID: <19991201010456.A47649@badmofo>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
X-my-OS-is-better-than-your-OS: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Oops! Forgot to cc -audit and include a "resume".

My "resume" is pretty limited, I've had about 5 years C experience and
1 year studying secure programming techniques. I suppose I don't have
any specific "strengths", but I'm willing to help out in any way
possible! I'll be available in roughly 2 weeks (after exams).

> So far, the results (c|sh)ould be:
> 1) Code examined by and deemed
> [SNIP]

Definitely, the first targets should be S[UG]ID programs and network
daemons.

> c) to have adopted (where appropriate) such fixes/features
> offered by our sister BSD's.

I see that OpenBSD's strlcpy() and strlcat() are integrated in 3.3, but
they don't seem to be used at all (at least on -STABLE).

Perhaps it's even worth the effort to audit some of the more popular
ports?

I assume the target will be -CURRENT?

--
http://www.csis.gvsu.edu/matt
03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F
Try to understand everything, but believe nothing

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message