Date: Tue, 23 Nov 1999 11:35:16 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Mark Murray <mark@grondar.za>
Cc: current@freebsd.org
Subject: Re: FreeBSD security auditing project.
Message-ID: <Pine.BSF.4.21.9911231123090.38330-100000@hub.freebsd.org>
In-Reply-To: <199911231905.VAA80949@gratis.grondar.za>

On Tue, 23 Nov 1999, Mark Murray wrote:

> 1) We need to eyeball _all_ of the code for potential security holes,
> and fix those ASAP.
>
> 2) I propose that <WE> diff(1) FreeBSD with {Open|Net}BSD, and with a
> security perspective apply those bits that look relevant and that will
> work. Who nose - we may even pick up some useful featurez!

I've been slowly trying to do some of this, and got through at least some of bin/ so far (billf has also been doing work on this, as have probably others). Probably this is the easiest way to get progress towards this goal - since FreeBSD is genetically very similar to OpenBSD, they've already fixed most of our security bugs (but not all!).

> I am prepared to provide a (semi-)automatic tool that folks can
> submit their efforts to. (Yes, this is a group effort, we all need to
> get involved and donate our Copious Free Time. All the time that is
> currently invested in flamewars would be better spent here, *hint*
> *hint*.) The tool will be web-based and will give a good idea of
> progress, so we can even turn it into a sort of competition.
>
> Here is a starter list of what we need to audit for:
>
> o unsafe use of the str*(3) functions; strcat/strcpy/sprintf &c.

I wonder how many instances of the potentially unsafe functions there are in the source tree? :)

> o unsafe buffer handling (probably better handled by str*(3)??)
>
> o tmpfile races.

There is still a predictable tempfile name somewhere in binutils(?) which gets invoked during a parallel make world (with -pipe?). Sorry I can't remember more details, it was a while ago I found it. Running make world -j2 with the tempwatch port active will find the file, though.

> o unsafe use of command line or environment variables (?).
>
> o unsafe passing/exposure of sensitive data.
>
> o &c. please contribute here....

Probably a good resource would be to collect together a bunch of papers/references describing what kinds of vulnerabilities exist, how to exploit them, and how to avoid them (e.g. old phrack/bugtraq articles, etc). Programmer education is the key to secure programming! :-)

I have some 500+ commit messages in my openbsd folder which are things I need to investigate further for relevancy. Some way of sharing these with the group, adding/removing/vetting changes which should be looked at would be very useful.

Kris

----
Cthulhu for President!
For when you're tired of choosing the _lesser_ of two evils..