From owner-freebsd-audit Fri Dec 3 21:37:56 1999 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 22F4514A2A; Fri, 3 Dec 1999 21:37:55 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 156D11CD7EE; Fri, 3 Dec 1999 21:37:55 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Fri, 3 Dec 1999 21:37:55 -0800 (PST) From: Kris Kennaway To: "Rodney W. Grimes" Cc: tstromberg@rtci.com, freebsd-audit@FreeBSD.ORG Subject: Re: More binaries with overflows. (7) In-Reply-To: <199912040532.VAA82253@gndrsh.dnsmgr.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 3 Dec 1999, Rodney W. Grimes wrote: > > I haven't checked the others yet > > Good work Kris, but I have a point about your commits, I didn't see > any ``reviewed by's: for them and you've now hidden the old flaw from > one of the only automated tools we have for finding these types of > flaws :-( That's because the only fixes I've committed unreviewed have not been security-related, but simple bugs which crashed the program (an off-by-one error on a buffer, and some just plain wrong code). These were trivial enough that they don't require a review. > -audit related fixes should really be very carefuly eyeballed by a few > reviewers, too often in the past hasty patch work by even the best of > security programmers has related to harder to find security bugs. I agree. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message