Date: Wed, 22 Aug 2001 09:49:07 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Eric Anderson <anderson@centtech.com>
Cc: Guy Helmer <ghelmer@palisadesys.com>, dan@langille.org, security-officer@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:55.procfs
Message-ID: <Pine.NEB.3.96L.1010822094737.66196A-100000@fledge.watson.org>
In-Reply-To: <3B83B651.75B523AB@centtech.com>

Hurm.  I had assumed always that "security-officer" was more than one
person and that these people, not necessarily the FreeBSD "security team"
(if one wishes to call it that), should be those who review the
patch/advisory.  Bah, perhaps I just hear things ...

andrew

On Wed, 22 Aug 2001, Eric Anderson wrote:

:I would be interested in helping out for that too..  This is definitely a
:good idea.
:
:Two thumbs up.
:
:Eric Anderson
:
:
:Guy Helmer wrote:
:>
:> Dan Langille wrote:
:> > On 21 Aug 2001, at 13:39, FreeBSD Security Advisories wrote:
:> >
:> > > # cd /usr/src/sys
:> > > # patch -p < /path/to/patch
:> >
:> > [dan@xeon:/usr/src/sys] $ sudo patch -p < /usr/patches/procfs.patch
:> > Hmm...  Looks like a unified diff to me...
:> > The text leading up to this was:
:> > --------------------------
:> > |Index: sys/i386/linux/linprocfs/linprocfs_vnops.c
:> > |===================================================================
:> > |RCS file:
:> > /usr2/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_vnops.c,v
:> > |retrieving revision 1.3.2.4
:> > |retrieving revision 1.3.2.5
:> > |diff -u -r1.3.2.4 -r1.3.2.5
:> > |--- sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/06/25
:> > 19:46:47 1.3.2.4
:> > |+++ sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/08/12
:> > 14:29:19 1.3.2.5
:> > --------------------------
:> > File to patch:
:> >
:> > Is it just me or is this becoming a recurring theme?  *grin*
:> >
:> > I volunteer to test every patch, given that I seem to be the first to
:> > report the problem.
:> >
:> > The patch works if you cd /usr/src, not /usr/src/sys
:>
:> It is my sense from reading some other vendor's advisories (namely RedHat)
:> that advisories go through internal review and correction prior to release.
:> A quick review process by a small group of interested security-minded folks
:> could help catch minor typos like this one.  Would security-officer be
:> willing to set up a private mail list for a small group of interested people
:> and give them a few hours to review proposed advisories prior to release?
:>
:> Guy
:>
:> To Unsubscribe: send mail to majordomo@FreeBSD.org
:> with "unsubscribe freebsd-security" in the body of the message
:
:--
:-------------------------------------------------------------------------------
:Eric Anderson    anderson@centtech.com    Centaur Technology    (512)
:418-5792
:Truth is more marvelous than mystery.
:-------------------------------------------------------------------------------
:

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead