From owner-freebsd-audit Thu Dec 2 7:35:54 1999 Delivered-To: freebsd-audit@freebsd.org Received: from smtp.manhattanprojects.com (smtp.manhattanprojects.com [207.181.119.22]) by hub.freebsd.org (Postfix) with ESMTP id 18FC914D4A; Thu, 2 Dec 1999 07:35:51 -0800 (PST) (envelope-from gerald@manhattanprojects.com) Received: from manhattanprojects.com (xs.lab.glc.com [10.0.0.14]) by smtp.manhattanprojects.com (8.9.1/8.8.7) with ESMTP id KAA04463; Thu, 2 Dec 1999 10:27:05 -0500 (EST) (envelope-from gerald@manhattanprojects.com) Message-ID: <384691C6.347BE836@manhattanprojects.com> Date: Thu, 02 Dec 1999 10:35:34 -0500 From: Gerald Abshez X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386) MIME-Version: 1.0 To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: Auditing ports References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > > [crossposting discussion about auditing of ports which install > setuid/setgid binaries to gather input from the ports crowd..] While I'm all in favour of making _everything_ secure, I feel we have to concentrate on the core functionality. Let's not put the cart before the horse - The base system should be fully eyeballed before we get all of the ports done. If we already have volunteers and enough bodies for that, then lets do this. But I think that we may want to backburner this until we've done a check of the non-port stuff. Gerald. -- This is your FreeBSD -- Where do YOU want to go tommorow? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message