Date: Wed, 22 Jul 1998 01:50:30 +0400
From: Alexandre Snarskii <snar@paranoia.ru>
To: Garance A Drosihn <drosih@rpi.edu>, security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <19980722015030.15881@nevalink.ru>
In-Reply-To: <v04011708b1da888c2e65@[128.113.24.47]>; from Garance A Drosihn on Tue, Jul 21, 1998 at 02:48:07PM -0400
References: <v04011703b1d98657693f@[128.113.24.47]> <27231.900993063@time.cdrom.com> <v04011708b1da888c2e65@[128.113.24.47]>

On Tue, Jul 21, 1998 at 02:48:07PM -0400, Garance A Drosihn wrote:
> > Audit.  Audit audit audit.  Like I said in my previous email, just
> > *five minutes* looking through the popper sources was enough time to
> > have my jaw dropping in sheer horror at how badly we'd dropped that
> > particular ball and I don't think it would take a rocket scientist to
> > identify the top 10 ports in need of first attention.  Start with
> > ports/net and ports/mail and you'll have more than enough to work on.

Well, that really is the best way. But it costs too much time -
qualified auditing must be done not once, but every time the port
sources change - no one but the main developer knows about new possible
security holes :)

> Would it help if we increased the work of *not* auditing, such as
> having the default sprintf (and other risky routines) cause
> compile-time problems?  Auditing as a separate step is more often
> going to get put off until the developer "has time".  If you need
> to address some of the classic culprits just to get it to compile,
> you're much more likely to "find the time"...

As for me, that is not a really good idea. It breaks one of FreeBSD's
policies - 'we have so many applications ported' :)
A better way is to have these routines safe from stack violations -
which is what is done with libparanoia.
(Also, don't forget about programs which are shipped in binary form -
Netscape, for example :) )

> > There's only one solution, one which OpenBSD has made significant
> > marketing points out of, and that's to go through the code and look
> > for holes resulting from poor programming practices.
>
> Indeed.  I like the fact that they're doing this, and that they are
> able to make those marketing points out of it.  Could we hire them
> to audit all the FreeBSD code, and then we would get the marketing
> points?  :-)

Don't forget that the OpenBSD team doesn't audit ports. And they just
removed qpopper from their ports collection after the exploit.

--
Alexandre Snarskii
the source code is included

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message