Date:      Sat, 08 Feb 1997 09:50:59 -0800
From:      "Jordan K. Hubbard" <jkh@time.cdrom.com>
To:        Brian Tao <taob@risc.org>
Cc:        pst@freebsd.org, FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Re: Don't fulminate, be productive (was Re: Karl fulminates, film at 11. == thanks) 
Message-ID:  <7610.855424259@time.cdrom.com>
In-Reply-To: Your message of "Sat, 08 Feb 1997 12:42:06 EST." <Pine.BSF.3.95.970208123826.17362A-100000@alpha.risc.org> 

>     What sort of requirements would you insist on for a code reviewer?
> I wouldn't mind poking around some code, but how much proficiency do
> you need?  I can read/write C, but that's like saying "he understands
> English" and expecting the person to appreciate Shakespeare.  I take

I think just a simple & correct understanding of English is probably 
more than sufficient for this. :-)

> it there is more to this job than replacing all sprintf's with
> snprintf's?  :)

Actually, that's a good 50% of it.  The other 50% is replacing
strcpy()'s with strncpy()'s. :-)

Seriously, looking for buffer overflows is not rocket science, though
if you spot more serious bugs along the way then you are more than free
to fix them. :-)

I'm still waiting for Paul to give me us accumulated archive of volunteers
before kicking this off - we had a slight communications failure and
both ended up thinking that the other was keeping the master list. :)

					Jordan
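
The sprintf-to-snprintf and strcpy-to-strncpy replacements joked about above, as an added example that is not part of the original message: it shows the two checks a reviewer still has to add after the mechanical swap (snprintf truncation and strncpy's missing terminator). The helper names `build_path` and `copy_name` and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: build "dir/name" into out[outsz].
 * Returns 0 on success, -1 if the result would not fit. */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    /* Before the audit: sprintf(out, "%s/%s", dir, name); */
    int n = snprintf(out, outsz, "%s/%s", dir, name);

    /* snprintf returns the length it wanted to write, so n >= outsz
     * means the output was truncated; do not accept that silently. */
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Hypothetical helper: copy src into dst[dstsz].
 * Returns 0 on success, -1 if src had to be truncated. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;

    /* Before the audit: strcpy(dst, src); */
    strncpy(dst, src, dstsz - 1);

    /* strncpy leaves dst unterminated when src fills the buffer,
     * so the terminator is always written explicitly. */
    dst[dstsz - 1] = '\0';

    return strlen(src) >= dstsz ? -1 : 0;
}

int main(void)
{
    char path[16], name[8];   /* constructed sample buffers */

    printf("%d\n", build_path(path, sizeof path, "/etc", "passwd"));
    printf("%d\n", build_path(path, sizeof path, "/usr/local/etc", "rc.conf"));
    printf("%d %s\n", copy_name(name, sizeof name, "freebsd-security"), name);
    return 0;
}
```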


