From owner-freebsd-arch Thu Jul 19 21:03:45 2001
Delivered-To: freebsd-arch@freebsd.org
Date: Thu, 19 Jul 2001 21:03:33 -0700
From: Kris Kennaway
To: David O'Brien
Cc: Kris Kennaway, Mike Heffner, arch@FreeBSD.ORG
Subject: Re: Importing lukemftpd
Message-ID: <20010719210332.A78418@xor.obsecurity.org>
References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> <20010719123015.A44746@xor.obsecurity.org> <20010719203700.B94074@dragon.nuxi.com>
In-Reply-To: <20010719203700.B94074@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 08:37:00PM -0700
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-arch@FreeBSD.ORG

On Thu, Jul 19, 2001 at 08:37:00PM -0700, David O'Brien wrote:
> On Thu, Jul 19, 2001 at 12:30:16PM -0700, Kris Kennaway wrote:
> > > Are you now holding all daemon hostage? I think you're being too strong
> > > on this statement. If this is going to be the case, please document that
> > > from now on daemon changes (or new ones) must be pre-approved by the S.O.
> >
> > You're being facetious.
>
> A little. But I do find that your power play seems to be arbitrarily
> applied to LukeM ftpd.

There haven't been any other cases of similar impact recently for me to
stand up and do my thing over. If someone wanted to -- say -- commit a
replacement IPv4 stack which had been rewritten from scratch, or a
rewritten inetd, etc., then I'd be saying the exact same thing. I can't
afford to yell and scream about the potential insecurity of every change
made to FreeBSD, even though almost every commit includes the possibility
to introduce insecurity, because people wouldn't stand for it (and
rightly so), so I have to pick my battles and limit it to cases where I
perceive the risk to be great enough. For example, that includes yelling
at committers when they make a "risky" commit (i.e. to a
security-critical area of the tree) which wasn't reviewed, because of the
large number of times such commits have turned around and bitten us a few
months later (causing sometimes dozens of person-hours of work for the
security team to clean up).

> > I can't give you a commitment, but this is going to be my top priority
> > to request once we figure out this funding thing. It will get done.
>
> What does funding have to do with anything? All the auditing done so far
> wasn't funded. If you asked your auditing contacts to spend time on
> this, I think they most likely would. I fail to see why you will not
> make a commitment. I have committed to GCC 3.0 in 5.0. I know the work
> that will take, but I have done it anyway. JHB has committed to proc
> locking for 5.0. There are numerous people that have committed to
> getting X done for 5.0.

You and John are being paid to work full-time on FreeBSD, and the
projects you mentioned are projects you do during your >8 hours a day of
paid FreeBSD hacking time. If you were working on these in your own
time, say from 10pm at night after a hard day at work, I think you'd be
much less firm about your ability to complete the project according to a
deadline.

Auditing of a non-trivial application is time-consuming and difficult.
The kinds of bugs I expect might be found in something like ftpd are not
the trivial ones involving misuse of sprintf(), but the deeply embedded
ones which rely on interactions between several different parts of the
code. That requires someone to sit down for a week and really become
intimate with the code, which isn't something that most people can do in
their spare time for an hour or two here and there (which is why no-one's
done this so far). If someone is being paid to do the work as part of
their day job, they have the ability to do this.

Kris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7V62TWry0BWjoQKURAogWAJ4golL/6OVlFnSuKhFLlio/vjXmoACg2tqG
qxelyzpoemzvrhz3YQuQUEk=
=VMgL
-----END PGP SIGNATURE-----