From owner-freebsd-security Wed Aug 22 6:50:40 2001
Date: Wed, 22 Aug 2001 09:49:07 -0400 (EDT)
From: "Andrew R. Reiter"
To: Eric Anderson
Cc: Guy Helmer, dan@langille.org, security-officer@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:55.procfs
In-Reply-To: <3B83B651.75B523AB@centtech.com>

Hurm. I had assumed always that "security-officer" was more than one
person and that these people, not necessarily the FreeBSD "security team"
(if one wishes to call it that), should be those who review the
patch/advisory. Bah, perhaps I just hear things ...

andrew

On Wed, 22 Aug 2001, Eric Anderson wrote:

:I would be interested in helping out for that too.. This is definitely a
:good idea.
:
:Two thumbs up.
:
:Eric Anderson
:
:
:Guy Helmer wrote:
:>
:> Dan Langille wrote:
:> > On 21 Aug 2001, at 13:39, FreeBSD Security Advisories wrote:
:> >
:> > > # cd /usr/src/sys
:> > > # patch -p < /path/to/patch
:> >
:> > [dan@xeon:/usr/src/sys] $ sudo patch -p < /usr/patches/procfs.patch
:> > Hmm... Looks like a unified diff to me...
:> > The text leading up to this was:
:> > --------------------------
:> > |Index: sys/i386/linux/linprocfs/linprocfs_vnops.c
:> > |===================================================================
:> > |RCS file:
:> > /usr2/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_vnops.c,v
:> > |retrieving revision 1.3.2.4
:> > |retrieving revision 1.3.2.5
:> > |diff -u -r1.3.2.4 -r1.3.2.5
:> > |--- sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/06/25
:> > 19:46:47 1.3.2.4
:> > |+++ sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/08/12
:> > 14:29:19 1.3.2.5
:> > --------------------------
:> > File to patch:
:> >
:> > Is it just me or is this becoming a recurring theme? *grin*
:> >
:> > I volunteer to test every patch, given that I seem to be the first to
:> > report the problem.
:> >
:> > The patch works if you cd /usr/src, not /usr/src/sys
:>
:> It is my sense from reading some other vendor's advisories (namely RedHat)
:> that advisories go through internal review and correction prior to release.
:> A quick review process by a small group of interested security-minded folks
:> could help catch minor typos like this one. Would security-officer be
:> willing to set up a private mail list for a small group of interested people
:> and give them a few hours to review proposed advisories prior to release?
:>
:> Guy
:>
:> To Unsubscribe: send mail to majordomo@FreeBSD.org
:> with "unsubscribe freebsd-security" in the body of the message
:
:--
:-------------------------------------------------------------------------------
:Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792
:Truth is more marvelous than mystery.
:-------------------------------------------------------------------------------
:

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead