Date: Fri, 13 Sep 2013 12:17:06 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: Lev Serebryakov <lev@FreeBSD.org>
Cc: freebsd-security@FreeBSD.org, Julian Elischer <julian@freebsd.org>
Subject: Re: FreeBSD Transient Memory problem?
Message-ID: <86k3il58m5.fsf@nine.des.no>
In-Reply-To: <1458963304.20130913091835@serebryakov.spb.ru> (Lev Serebryakov's message of "Fri, 13 Sep 2013 09:18:35 +0400")
References: <CAGX1DMbQP=TggYQm-3hra0Od3gjgz5xQ8bEMMrueuhL6kuZMUA@mail.gmail.com> <5231D461.5050504@freebsd.org> <1458963304.20130913091835@serebryakov.spb.ru>
Lev Serebryakov <lev@FreeBSD.org> writes:

> In my experience, "Security audit" people, who could, for example, do
> PCI/DSS audit, are like this. So, yet, it is their level of
> competence, but you could not pass around them, if you want official
> PCI/DSS certification, for example. Did you see this epic thread on
> stackoverflow (or its devops/sysops counterpart) about "log file with
> every login of each user with password in clear text," for example?

That was the first thing that sprang to my mind as well. scryptkiddy,
you should tell them to read this:

http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants

I've been in a similar situation myself. The JITC audited a customer's
product for IPv6 compliance and failed it because it did not put an
ICMP destination unreachable on the wire when neighbor discovery
failed. Note that the RFC *explicitly states* (but not in a normative
section) that this is not required when the error occurs on the
originating node. (The product in question did not run FreeBSD, but
used an old version of the FreeBSD IPv6 stack.)

They had other idiotic requirements that we were able to work around,
and found one genuine but benign bug that had already been fixed in
FreeBSD.

DES
--
Dag-Erling Smørgrav - des@des.no
