Message-Id: <199912011626.JAA02551@harmony.village.org>
To: Brad Knowles
Subject: Re: Where to start? Heres a few overflows.
Cc: tstromberg@rtci.com, freebsd-audit@FreeBSD.ORG
In-reply-to: Your message of "Wed, 01 Dec 1999 17:22:27 +0100."
References: <384527B9.3A3E3C41@rtci.com> <38445A6A.50245AF5@rtci.com> <199911302322.QAA05983@harmony.village.org> <199912011609.JAA02320@harmony.village.org>
Date: Wed, 01 Dec 1999 09:26:26 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG

In message Brad Knowles writes:
: As I recall, one of the goals that OpenBSD used in their audit
: process was that they fixed bugs wherever they ran across them,
: regardless of whether they believed they were exploitable. This has
: protected them against a number of exploits that have since become
: known, since the bug that someone is trying to exploit simply no
: longer exists under OpenBSD.
:
: Do we not want to employ the same kind of methodology, or have I
: missed something here?

Yes, we do, but we don't want to put everything into stable on an
expedited basis unless there is a compelling reason to expedite the
change. We do want to merge these changes into stable when they have
stood the test of time in -current first. That's my only point here.

Warner