From owner-freebsd-security  Sat Feb  8 14:41:43 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA05165
          for security-outgoing; Sat, 8 Feb 1997 14:41:43 -0800 (PST)
Received: from cwsys.cwent.com (0@lpm145.wlc.com [204.239.181.45])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA05157;
          Sat, 8 Feb 1997 14:41:31 -0800 (PST)
Received: (from uucp@localhost) by cwsys.cwent.com (8.8.5/8.6.10) id OAA01047; Sat, 8 Feb 1997 14:41:03 -0800 (PST)
Message-Id: <199702082241.OAA01047@cwsys.cwent.com>
Received: from localhost.cwent.com(127.0.0.1), claiming to be "cwsys"
 via SMTP by localhost.cwent.com, id smtpd001044; Sat Feb  8 22:41:02 1997
Reply-to: cys@mailhost.wlc.com
X-Mailer: Xmh
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: Brian Tao <taob@risc.org>, pst@freebsd.org,
        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Don't fulminate, be productive (was Re: Karl fulminates, film at 11. == thanks) 
In-reply-to: Your message of "Sat, 08 Feb 1997 09:50:59 PST."
             <7610.855424259@time.cdrom.com> 
Date: Sat, 08 Feb 1997 14:41:02 -0800
From: Cy Schubert <cy@cwsys.cwent.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> >     What sort of requirements would you insist on for a code reviewer?
> > I wouldn't mind poking around some code, but how much proficiency do
> > you need?  I can read/write C, but that's like saying "he understands
> > English" and expecting the person to appreciate Shakespeare.  I take
> 
> I think just a simple & correct understanding of english is probably 
> more than sufficient for this. :-)
> 
> > it there is more to this job than replacing all sprintf's with
> > snprintf's?  :)
> 
> Actually, that's a good 50% of it.  The other 50% is replacing
> strcpy()'s with strncpy()'s. :-)
> 
> Seriously, looking for bufffer overflows is not rocket science, though
> if you spot more serious bugs along then way then you are more than free
> to fix them. :-)
> 
> I'm still waiting for Paul to give me us accumulated archive of volunteers
> before kicking this off - we had a slight communications failure and
> both ended up thinking that the other was keeping the master list. :)
> 
> 					Jordan
> 

I would like to help out.  I am currently running a 2.1.6 system.  Is that
too old?


Cy Schubert
cschuber@uumail.gov.bc.ca
cy@uumail.gov.bc.ca
cys@mailhost.wlc.com