Date: Wed, 22 Jul 1998 08:40:26 +0200
From: Eivind Eklund <eivind@yes.no>
To: Alexandre Snarskii <snar@paranoia.ru>, Garance A Drosihn <drosih@rpi.edu>, security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <19980722084026.45975@follo.net>
In-Reply-To: <19980722015030.15881@nevalink.ru>; from Alexandre Snarskii on Wed, Jul 22, 1998 at 01:50:30AM +0400
References: <v04011703b1d98657693f@[128.113.24.47]> <27231.900993063@time.cdrom.com> <v04011708b1da888c2e65@[128.113.24.47]> <19980722015030.15881@nevalink.ru>

On Wed, Jul 22, 1998 at 01:50:30AM +0400, Alexandre Snarskii wrote:
> > > There's only one solution, one which OpenBSD has made significant
> > > marketing points out of, and that's to go through the code and look
> > > for holes resulting from poor programming practices.
> >
> > Indeed. I like the fact that they're doing this, and that they are
> > able to make those marketing points out of it. Could we hire them
> > to audit all the FreeBSD code, and then we would get the marketing
> > points? :-)

No. I've investigated this option, and it did not seem at all feasible
at the time. However, you _could_ hire somebody to merge over all the
good changes from OpenBSD.

> Don't forget that the OpenBSD team doesn't audit ports. And they
> just removed qpopper from their ports collection after the exploit.

Which IMO was the right decision. This isn't the first time qpopper
has had a serious security hole (though I don't think any of them have
been that widely exposed before), and I don't believe it will be the
last.

Eivind.