Date: Sat, 14 Sep 2013 14:26:09 +0400 From: Lev Serebryakov <lev@FreeBSD.org> To: Brett Glass <brett@lariat.org> Cc: Dan Lukes <dan@obluda.cz>, Jonathon Wright <jonathon.s.wright@gmail.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: FreeBSD Transient Memory problem? Message-ID: <147224144.20130914142609@serebryakov.spb.ru> In-Reply-To: <201309131611.KAA09855@mail.lariat.net> References: <CAGX1DMbQP=TggYQm-3hra0Od3gjgz5xQ8bEMMrueuhL6kuZMUA@mail.gmail.com> <20130912053559.GF68682@funkthat.com> <979901F9-5F25-4DF1-95A8-32473C55B25F@gmail.com> <52320144.2090807@freebsd.org> <CAGX1DMYAheUAV_eB4Z4R_YaMDx_LzrepEag5KyBC=EOxzhUiMQ@mail.gmail.com> <EC4378DB-3AF0-40F7-98BC-0FE6D318938E@gmail.com> <CAGX1DMY=bSpOkzHT=4mYVfSb_tUR6TVTwZqnUcNM-ORa-GBsRg@mail.gmail.com> <201309130040.SAA28208@mail.lariat.net> <CAGX1DMaONPyJ=5yiu%2BFGxa6Q_9WK4hzht7MF5K2%2BCzMWrpfYbg@mail.gmail.com> <CA%2B7WWScZB2UE9zM10YGMSGS4t1dat2CN5Eb3BDxKMZbWEFTz5A@mail.gmail.com> <5232BE53.4040900@obluda.cz> <201309131611.KAA09855@mail.lariat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Brett. You wrote 13 =D1=81=D0=B5=D0=BD=D1=82=D1=8F=D0=B1=D1=80=D1=8F 2013 =D0=B3.,= 15:47:13: >>Juniper's FreeBSD has been verified (whatever it mean in such particular >>case) as installed inside such router - e.g. version, patch level, >>kernel compilation options, loaded kernel modules, ... >> >>In short, results of security audit of FreeBSD 9.1-R-p2 compiled without >>if_re module is not applicable to FreeBSD 9.1-R-p3 compiled with if_re >>module nor to FreeBSD 9.1-R-p3 compiled without if_re module BG> True, but the details of memory allocation and scrubbing are unlikely to BG> change. This "but" is not applicable to formal certification process. As engineer you are totally right. But certification is not engineering. Certificate is given to one concrete configuration. In some certification processes even change of brand of memory modules in computer could avoid certificate, for example (I don't say, that it is so for EVERY certification, but formal, bank- or government-recognized security ones typically are SUCH strict). --=20 // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?147224144.20130914142609>