From owner-freebsd-current Wed Nov 24 7:40: 2 1999
Delivered-To: freebsd-current@freebsd.org
Received: from spirit.jaded.net (spirit.jaded.net [216.94.113.12])
	by hub.freebsd.org (Postfix) with ESMTP id E908314CB4
	for ; Wed, 24 Nov 1999 07:39:47 -0800 (PST)
	(envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost)
	by spirit.jaded.net (8.9.3/8.9.3) id KAA01402;
	Wed, 24 Nov 1999 10:41:07 -0500 (EST)
Date: Wed, 24 Nov 1999 10:41:07 -0500
From: Dan Moschuk
To: Mark Murray
Cc: current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
Message-ID: <19991124104107.A264@spirit.jaded.net>
References: <199911231905.VAA80946@gratis.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <199911231905.VAA80946@gratis.grondar.za>; from mark@grondar.za on Tue, Nov 23, 1999 at 09:05:25PM +0200
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| Hello FreeBSD'ers!
|
| [ Apologies to committers, I have Bcc'ed you to ensure you got
| this; you may get two copies. ]
|
| I have been charged with the duty of ensuring that FreeBSD gets a
| security audit that has the credibility of OpenBSD's.
|
| Consider this to be a request-for-discussion that will head us over to
| the actual work of getting it done.

Great to hear that we are finally doing this. :-)

| My proposals are pretty simple;
|
| 1) We need to eyeball _all_ of the code for potential security holes,
| and fix those ASAP.
|
| 2) I propose that diff(1) FreeBSD with {Open|Net}BSD, and with a
| security perspective apply those bits that look relevant and that will
| work. Who nose - we may even pick up some useful featurez!

I have a set of diffs that introduce OpenBSD's concept of random pids
and source port (with a sysctl knob for you sequential weenies) that
will have to be updated again before I commit them.

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Cure for global warming: One giant heatsink and dual fans!"