Date: Sat, 14 Sep 2013 10:43:27 +0800
From: Julian Elischer <julian@freebsd.org>
To: John Baldwin <jhb@freebsd.org>
Cc: Gary Palmer <gpalmer@freebsd.org>, freebsd-security@freebsd.org, John-Mark Gurney <jmg@funkthat.com>, Jonathon Wright <jonathon.s.wright@gmail.com>
Subject: Re: FreeBSD Transient Memory problem?
Message-ID: <5233CD4F.1020808@freebsd.org>
In-Reply-To: <5233CCB6.9010205@freebsd.org>
References: <CAGX1DMbQP=TggYQm-3hra0Od3gjgz5xQ8bEMMrueuhL6kuZMUA@mail.gmail.com> <20130913164718.GC33898@in-addr.com> <CAGX1DMZnk4vBxF-KTO5Zvdu3ZwaA3QVbyB%2BThagWed5i0OWSdg@mail.gmail.com> <201309131703.40685.jhb@freebsd.org> <5233CCB6.9010205@freebsd.org>

On 9/14/13 10:40 AM, Julian Elischer wrote:
> On 9/14/13 5:03 AM, John Baldwin wrote:
>> On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
>>> Well stated Gary.
>>>
>>> I need to divulge more information it appears. The reason I'm unable to
>>> effectively fight the semantic game, and not pay the auditors, etc. etc. is
>>> because the auditors are the DoD. We work for a private company that's
>>> contracted out to provide services to the DoD. But we still have to pass
>>> their inspections. As you all know, the DoD does not exactly see things in
>>> anything but black and white.
>>>
>>> So yes, my management is freaked out because the DoD auditors (paid for by
>>> the DoD btw) are finding issues that we have to resolve to keep the
>>> contract going. That's why my hands are tied. I'll give them credit though,
>>> they are allowing me to demonstrate FreeBSD's capability in this manner by
>>> providing documentation since FreeBSD does not have the cert. That's the
>>> first non-black and white auditor check I've seen in years.
>>>
>>> We have lots of time and efforts invested in our architecture which is
>>> based on FreeBSD and that's why we're fighting to keep it, hence the start
>>> of this post.
>>>
>>> Thanks again for all the insights, I'll keep ya up to date. We have another
>>> month or so to work this, so we're still formulating an initial response.
>> I think the sensible thing they are looking for is that new pages don't leak
>> data between processes, not anything to do with malloc zeroing, etc. FreeBSD
>> definitely does do this. However, the "right" answer is probably that you
>> will have to pay to have the version of FreeBSD you are currently using
>> audited.
>
> this will probably be a lot cheaper than changing to Linux at this point.

It is possible you could ask the FreeBSD Foundation if they would put up some of the cash as a project.. it may be generally useful.