From owner-freebsd-security  Sat Sep 30 12:41: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229])
	by hub.freebsd.org (Postfix) with ESMTP
	id E5AD537B502; Sat, 30 Sep 2000 12:40:57 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1])
	by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8UJeiU02977;
	Sat, 30 Sep 2000 12:40:44 -0700 (PDT)
	(envelope-from jkh@winston.osd.bsdi.com)
To: Kris Kennaway <kris@FreeBSD.org>
Cc: "Brian F. Feldman" <green@FreeBSD.org>,
	Roman Shterenzon <roman@xpert.com>, security@FreeBSD.org
Subject: Re: Security and FreeBSD, my overall perspective 
In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.org> 
   of "Sat, 30 Sep 2000 12:22:17 PDT." <20000930122217.A51270@freefall.freebsd.org> 
Date: Sat, 30 Sep 2000 12:40:43 -0700
Message-ID: <2973.970342843@winston.osd.bsdi.com>
From: Jordan Hubbard <jkh@winston.osd.bsdi.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Okay, quick show of hands. How many people blindly trusted pine before
> this week? How many people would pick up a copy of fsdb(8) and/or
> ipfw(8) and feel blindly confident they know how to use it properly
> without screwing themselves up?

Well, just to set the record straight, I've never even used pine.  I
use mh-e. :) I was talking more about our desired policy for dealing
with these situations in the present and future, something for which
pine is merely an example.

> >        (b) Add a new field to the ports infrastructure which indicates
> > 	   level of "trust" the project/security people have in that
> > 	   port.  E.g. instead of having one big knob rather off-puttingly
> > 	   labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable
> > 	   which goes from 1 to 10.  Then the ports infrastructure can, if
> > 	   it wishes to, issue warnings of varying severity based on the
> > 	   trust level.
> 
> I've thought about this, but it needs someone to implement it, so we
> have to work with existing tools in the meantime.

I could do this in a couple of hours, including testing.  You want the
patches to bsd.port.mk in unidiff or context diff format? ;-)

> Waitasec, what do you mean "start"? FreeBSD is basically the only
> operating system project which *is* auditing this kind of code

I was reacting to green's assertion that nobody, in fact, had the time
or inclination to do anything of the sort.  If he's maligned your
efforts by making such claims then I guess we both owe you an apology
for understimating the amount of work which has actually been going
into auditing.

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message