From owner-freebsd-current Tue Nov 23 11: 5:48 1999
Delivered-To: freebsd-current@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
	by hub.freebsd.org (Postfix) with ESMTP id 3F01C14F04
	for ; Tue, 23 Nov 1999 11:05:35 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id VAA80946
	for ; Tue, 23 Nov 1999 21:05:26 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199911231905.VAA80946@gratis.grondar.za>
To: current@freebsd.org
Subject: FreeBSD security auditing project.
Date: Tue, 23 Nov 1999 21:05:25 +0200
From: Mark Murray
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello FreeBSD'ers!

[ Apologies to committers, I have Bcc'ed you to ensure you got this;
  you may get two copies. ]

I have been charged with the duty of ensuring that FreeBSD gets a
security audit that has the credibility of OpenBSD's. Consider this to
be a request-for-discussion that will head us over to the actual work
of getting it done.

My proposals are pretty simple;

1) We need to eyeball _all_ of the code for potential security holes,
   and fix those ASAP.

2) I propose that we diff(1) FreeBSD with {Open|Net}BSD, and with a
   security perspective apply those bits that look relevant and that
   will work. Who nose - we may even pick up some useful featurez!

I am prepared to provide a (semi-)automatic tool that folks can submit
their efforts to. (Yes, this is a group effort, we all need to get
involved and donate our Copious Free Time. All the time that is
currently invested in flamewars would be better spent here, *hint*
*hint*.) The tool will be web-based and will give a good idea of
progress, so we can even turn it into a sort of competition.

Here is a starter list of what we need to audit for:

o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.
o unsafe buffer handling (probably better handled by str*(3)??)
o tmpfile races.
o password buffers not being zeroed fast enough
o unsafe use of command line or environment variables (?).
o unsafe passing/exposure of sensitive data.
o &c. please contribute here....

Let the discussion begin! All contributions welcome.

Volunteers for the effort (there were lots of you at FreeBSDCon) please
fight your way to the front now! You'll need to be a $#|t-hot
programmer, paranoid, and experienced in code auditing to do the actual
code review, but any other skills that may be of use (*anything* -
volunteers are most welcome!!) please come forward with a miniresume
and a proposal.

I'll get a mailing list going if this is deemed necessary.

Thanks!

M
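
An added example, not part of the original message and not any FreeBSD project tool: a minimal scanner that flags C calls for three items on the starter list above (unsafe str*(3) use, tmpfile races, environment input) while ignoring comments and string literals. The function names grouped under each class, the name `audit`, and the sample C source are assumptions constructed for illustration.

```python
import re

# Audit classes taken from the starter list in the message; the function
# names under each class are this example's assumption, not a project list.
AUDIT_CLASSES = {
    "unbounded str*(3) call": {"strcpy", "strcat", "sprintf", "vsprintf", "gets"},
    "tmpfile race": {"mktemp", "tmpnam", "tempnam"},
    "environment input": {"getenv"},
}
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Comments, string literals and char literals, matched in one pass so that a
# quote inside a comment (or "/*" inside a string) is not misread.
NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def blank(match):
    # Replace with spaces but keep newlines, so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit(source):
    """Return (line, function, audit class) for every flagged call, in line order."""
    cleaned = NOISE.sub(blank, source)
    findings = []
    for lineno, line in enumerate(cleaned.splitlines(), start=1):
        for name in CALL.findall(line):
            for label, names in AUDIT_CLASSES.items():
                if name in names:
                    findings.append((lineno, name, label))
    return findings

# Constructed sample input, not taken from the FreeBSD tree.
SAMPLE = r'''#include <string.h>
/* strcpy(a, b) in a comment must not be reported */
int main(int argc, char **argv) {
    char buf[64], tmpl[] = "/tmp/auditXXXXXX";
    const char *msg = "call sprintf(buf, ...) here";
    strcpy(buf, argv[1]);            /* unbounded copy */
    strncat(buf, getenv("HOME"), 8);
    mktemp(tmpl);
    return 0;
}
'''

if __name__ == "__main__":
    for lineno, name, label in audit(SAMPLE):
        print(f"line {lineno}: {name}() -> {label}")
```

A hit marks a line for a reviewer to read, not a confirmed hole; bounded calls such as the `strncat` in the sample still need eyeballing for a wrong length argument.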