From owner-freebsd-hackers Tue Feb 11 10:23:49 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA08903 for hackers-outgoing; Tue, 11 Feb 1997 10:23:49 -0800 (PST)
Received: from nic.follonett.no (nic.follonett.no [194.198.43.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA08897 for ; Tue, 11 Feb 1997 10:23:46 -0800 (PST)
Received: (from uucp@localhost) by nic.follonett.no (8.8.5/8.8.3) with UUCP id TAA13718; Tue, 11 Feb 1997 19:21:34 +0100 (MET)
Received: from oo7 (oo7.dimaga.com [192.0.0.65]) by dimaga.com (8.7.5/8.7.2) with SMTP id TAA12192; Tue, 11 Feb 1997 19:14:51 +0100 (MET)
Message-Id: <3.0.32.19970211191451.00b80ec0@dimaga.com>
X-Sender: eivind@dimaga.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Tue, 11 Feb 1997 19:14:52 +0100
To: Warner Losh
From: Eivind Eklund
Subject: Re: Increasing overall security....
Cc: freebsd-hackers@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 08:40 AM 2/11/97 -0700, Warner Losh wrote:
>Keep in mind, as was recently pointed out to me, that just bringing in
>the OpenBSD patches will not make FreeBSD secure. For that a top to
>bottom audit of code running at elevated privilege must be
>completed. The patches will tend to make FreeBSD more secure, but you
>won't know until after you've audited if you've grabbed everything or
>not.

You won't ever know. I do not believe FreeBSD (or any other major OS written in C) will ever be 100% secure - there are too many pitfalls, and it is too easy to write unsafe code. However, we can always strive towards it, and removing just *one* more of the easy break-ins makes it just that little bit harder for the hackers.

A nice thing I've been noticing lately is that when I do security audits for selected parts of the 2.1.6 code and find exploits, they tend to be fixed in -current already. That at least shows that the obvious stuff is going away.

Eivind Eklund
perhaps@yes.no
http://maybe.yes.no/perhaps/
eivind@freebsd.org