From owner-freebsd-security Sat Feb 8 09:51:20 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA22272 for security-outgoing; Sat, 8 Feb 1997 09:51:20 -0800 (PST)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA22267; Sat, 8 Feb 1997 09:51:16 -0800 (PST)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id JAA07614; Sat, 8 Feb 1997 09:50:59 -0800 (PST)
To: Brian Tao
cc: pst@freebsd.org, FREEBSD-SECURITY-L
Subject: Re: Don't fulminate, be productive (was Re: Karl fulminates, film at 11. == thanks)
In-reply-to: Your message of "Sat, 08 Feb 1997 12:42:06 EST."
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <7609.855424259.1@time.cdrom.com>
Date: Sat, 08 Feb 1997 09:50:59 -0800
Message-ID: <7610.855424259@time.cdrom.com>
From: "Jordan K. Hubbard"
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> What sort of requirements would you insist on for a code reviewer?
> I wouldn't mind poking around some code, but how much proficiency do
> you need? I can read/write C, but that's like saying "he understands
> English" and expecting the person to appreciate Shakespeare. I take

I think just a simple & correct understanding of English is probably more than sufficient for this. :-)

> it there is more to this job than replacing all sprintf's with
> snprintf's? :)

Actually, that's a good 50% of it. The other 50% is replacing strcpy()'s with strncpy()'s. :-)

Seriously, looking for buffer overflows is not rocket science, though if you spot more serious bugs along the way then you are more than free to fix them. :-)

I'm still waiting for Paul to give me us accumulated archive of volunteers before kicking this off - we had a slight communications failure and both ended up thinking that the other was keeping the master list. :)

Jordan
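
The two replacements named in the message above (sprintf to snprintf, strcpy to strncpy), as an added example that is not part of the original e-mail or of FreeBSD's code. It shows what a reviewer still has to check after the swap: snprintf's return value for truncation, and the terminator that strncpy leaves out when the source fills the buffer. All function names here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* sprintf -> snprintf: the write is bounded, but the return value must be
 * checked. Returns 0 on success, -1 if the result did not fit (or on an
 * encoding error). dst is NUL-terminated whenever size > 0. */
int format_path(char *dst, size_t size, const char *dir, const char *file)
{
    int n = snprintf(dst, size, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= size)
        return -1;                /* truncated: caller must not use dst as a path */
    return 0;
}

/* strcpy -> strncpy: copy at most size-1 bytes and terminate explicitly.
 * Returns 0 if src fit, -1 if it was cut short. */
int copy_name(char *dst, size_t size, const char *src)
{
    if (size == 0)
        return -1;
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';         /* strncpy alone does not guarantee this */
    return strlen(src) >= size ? -1 : 0;
}

/* The pitfall a mechanical replacement leaves behind: strncpy(dst, src, size)
 * writes no terminator when src has size or more characters.
 * Returns 1 if dst ends up with no NUL inside its size bytes, else 0. */
int bare_strncpy_unterminated(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);       /* simulate stale buffer contents */
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) == NULL;
}

int main(void)
{
    char buf[8];                  /* constructed sample inputs below */
    printf("format fits:      %d\n", format_path(buf, sizeof buf, "etc", "rc"));
    printf("format truncated: %d (%s)\n",
           format_path(buf, sizeof buf, "usr", "local"), buf);
    printf("copy truncated:   %d (%s)\n",
           copy_name(buf, sizeof buf, "freefall.freebsd.org"), buf);
    printf("bare strncpy left buffer unterminated: %d\n",
           bare_strncpy_unterminated(buf, sizeof buf, "12345678"));
    return 0;
}
```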