Date: Sat, 14 Sep 2013 14:26:09 +0400
From: Lev Serebryakov
Message-ID: <147224144.20130914142609@serebryakov.spb.ru>
To: Brett Glass
Cc: Dan Lukes, Jonathon Wright, "freebsd-security@freebsd.org"
Subject: Re: FreeBSD Transient Memory problem?

Hello, Brett.

You wrote 13 September 2013, 15:47:13:

>>Juniper's FreeBSD has been verified (whatever it means in such a particular
>>case) as installed inside such a router - e.g. version, patch level,
>>kernel compilation options, loaded kernel modules, ...
>>
>>In short, results of a security audit of FreeBSD 9.1-R-p2 compiled without
>>the if_re module are not applicable to FreeBSD 9.1-R-p3 compiled with the if_re
>>module nor to FreeBSD 9.1-R-p3 compiled without the if_re module

BG> True, but the details of memory allocation and scrubbing are unlikely to
BG> change.

 This "but" is not applicable to a formal certification process. As an
engineer you are totally right. But certification is not engineering.
A certificate is given to one concrete configuration. In some certification
processes even a change of brand of memory modules in a computer could void
the certificate, for example (I don't say that it is so for EVERY
certification, but formal, bank- or government-recognized security ones
typically are THAT strict).

-- 
// Black Lion AKA Lev Serebryakov