From: Robert Watson
Date: Tue, 12 Aug 2003 23:35:29 -0400 (EDT)
To: twig les
cc: security@freebsd.org
Subject: Re: Certification (was RE: realpath(3) et al)

The real upshot of all this, btw, is that security evaluation against the CC and related specs will have very little relationship to closing bugs associated with realpath(), et al. A source code auditing effort, funded or otherwise, would still be extremely useful, but the goal would have to be a more pragmatic "fewer bugs", and not a certification "Grade A Security" :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories