Message-ID: <5233CD4F.1020808@freebsd.org>
Date: Sat, 14 Sep 2013 10:43:27 +0800
From: Julian Elischer
To: John Baldwin
Subject: Re: FreeBSD Transient Memory problem?
References: <20130913164718.GC33898@in-addr.com> <201309131703.40685.jhb@freebsd.org> <5233CCB6.9010205@freebsd.org>
In-Reply-To: <5233CCB6.9010205@freebsd.org>
Cc: Gary Palmer, freebsd-security@freebsd.org, John-Mark Gurney, Jonathon Wright

On 9/14/13 10:40 AM, Julian Elischer wrote:
> On 9/14/13 5:03 AM, John Baldwin wrote:
>> On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
>>> Well stated Gary.
>>>
>>> I need to divulge more information it appears. The reason I'm unable to
>>> effectively fight the semantic game, and not pay the auditors, etc. etc. is
>>> because the auditors are the DoD. We work for a private company that's
>>> contracted out to provide services to the DoD. But we still have to pass
>>> their inspections. As you all know, the DoD does not exactly see things in
>>> anything but black and white.
>>>
>>> So yes, my management is freaked out because the DoD auditors (paid for by
>>> the DoD btw) are finding issues that we have to resolve to keep the
>>> contract going. That's why my hands are tied. I'll give them credit though,
>>> they are allowing me to demonstrate FreeBSD's capability in this manner by
>>> providing documentation since FreeBSD does not have the cert. That's the
>>> first non-black and white auditor check I've seen in years.
>>>
>>> We have lots of time and efforts invested in our architecture which is
>>> based on FreeBSD and that's why we're fighting to keep it, hence the start
>>> of this post.
>>>
>>> Thanks again for all the insights, I'll keep ya up to date.
>>> We have another month or so to work this, so we're still formulating an
>>> initial response.
>> I think the sensible thing they are looking for is that new pages don't leak
>> data between processes, not anything to do with malloc zeroing, etc. FreeBSD
>> definitely does do this. However, the "right" answer is probably that you
>> will have to pay to have the version of FreeBSD you are currently using
>> audited.
>
> this will probably be a lot cheaper than changing to Linux at this point.

It is possible you could ask the FreeBSD Foundation if they would put up some of the cash as a project.. it may be generally useful.