From: Alexandre Snarskii
To: Garance A Drosihn, security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Date: Wed, 22 Jul 1998 01:50:30 +0400
Message-ID: <19980722015030.15881@nevalink.ru>
References: <27231.900993063@time.cdrom.com>
In-Reply-To: from Garance A Drosihn on Tue, Jul 21, 1998 at 02:48:07PM -0400
X-Mailer: Mutt 0.89i

On Tue, Jul 21, 1998 at 02:48:07PM -0400, Garance A Drosihn wrote:

> > Audit. Audit audit audit. Like I said in my previous email, just
> > *five minutes* looking through the popper sources was enough time to
> > have my jaw dropping in sheer horror at how badly we'd dropped that
> > particular ball and I don't think it would take a rocket scientist to
> > identify the top 10 ports in need of first attention. Start with
> > ports/net and ports/mail and you'll have more than enough to work on.

Well, that is really the best way. But it costs too much time - qualified
auditing must be done not once, but every time the port sources change -
no one but the main developer knows about new possible security holes :)

> Would it help if we increased the work of *not* auditing, such as
> having the default sprintf (and other risky routines) cause
> compile-time problems? Auditing as a separate step is more often
> going to get put off until the developer "has time". If you need
> to address some of the classic culprits just to get it to compile,
> you're much more likely to "find the time"...

As for me, that is not a really good idea. It breaks one of FreeBSD's
policies - 'we have so many applications ported' :) A better way is to
have these routines safe from stack violations - which is what is done
with libparanoia.

(Also, don't forget about programs which ship in binary form - Netscape,
e.g. :) )

> > There's only one solution, one which OpenBSD has made significant
> > marketing points out of, and that's to go through the code and look
> > for holes resulting from poor programming practices.
>
> Indeed. I like the fact that they're doing this, and that they are
> able to make those marketing points out of it. Could we hire them
> to audit all the FreeBSD code, and then we would get the marketing
> points? :-)

Don't forget that the OpenBSD team doesn't audit ports. And they just
removed qpopper from their ports collection after the exploit.

--
Alexandre Snarskii
the source code is included
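The two positions in the exchange above (make the risky libc routines fail at compile time, or make them safe at run time) can both be shown in a few lines of C. What follows is an added example written for this archive page; it is not code from the thread and not libparanoia's implementation. The `PARANOID_BUILD` macro, the `#pragma GCC poison` line (GCC/clang specific), and the functions `fmt_bounded`, `copy_bounded` and `demo_truncated` are all assumptions introduced here, and the strings used are constructed inputs.

```c
/* Added example, not from the thread or from libparanoia.
 *
 * 1. Compile-time (the proposal in the quoted mail): building with
 *    -DPARANOID_BUILD turns any later use of the unbounded routines into a
 *    hard compile error via `#pragma GCC poison` (GCC/clang extension).
 * 2. Run-time (the reply's preference for routines that cannot overrun the
 *    stack): bounded replacements that never write past the caller's buffer
 *    and report truncation instead of silently losing data.
 */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef PARANOID_BUILD
/* From here on these identifiers may not appear in the translation unit;
 * declarations already seen in the headers above are unaffected. */
#pragma GCC poison sprintf vsprintf strcpy strcat gets
#endif

/* Format into dst (size bytes). Returns the number of characters written
 * (excluding the NUL), or -1 if the result did not fit. When size > 0, dst
 * is always NUL-terminated, truncated or not. */
int fmt_bounded(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);   /* never writes more than size bytes */
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {
        dst[size - 1] = '\0';            /* vsnprintf did this already; be explicit */
        return -1;
    }
    return n;
}

/* strlcpy-style copy: copies at most size-1 bytes, always terminates, and
 * returns strlen(src) so the caller can detect truncation (result >= size). */
size_t copy_bounded(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);

    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Builds a greeting into a small fixed buffer (constructed input) and
 * returns 1 if the bounded formatter had to truncate it, 0 otherwise. */
int demo_truncated(const char *name)
{
    char buf[16];
    return fmt_bounded(buf, sizeof buf, "hello, %s", name) < 0;
}

int main(void)
{
    char buf[16];
    int n;

    n = fmt_bounded(buf, sizeof buf, "user=%s", "alice");
    printf("%d \"%s\"\n", n, buf);
    n = fmt_bounded(buf, sizeof buf, "user=%s", "a-very-long-username");
    printf("%d \"%s\"\n", n, buf);      /* -1, buffer holds the first 15 chars */
    return 0;
}
```

Compiling the same file with `-DPARANOID_BUILD` and adding a single `sprintf(buf, ...)` call fails at build time, which is the effect the quoted proposal asks for; without the define, the bounded wrappers are the only thing a port would need to adopt, and a truncated result is visible to the caller as a `-1` or an oversized length rather than as a stack overwrite.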