Date: Tue, 1 Aug 2000 22:41:12 -0400 (EDT) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: Kris Kennaway <kris@hub.freebsd.org> Cc: "Chris D. Faulhaber" <jedgar@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/security/fuzz Makefile ports/security/fuzz/files md5 ports/security/fuzz/patches patch-aa ports/security/fuzz/pkg COMMENT DESCR PLIST Message-ID: <Pine.BSF.4.21.0008012237580.98183-100000@green.dyndns.org> In-Reply-To: <Pine.BSF.4.21.0008011856110.95122-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 1 Aug 2000, Kris Kennaway wrote: > See the preliminary list I posted to -audit the other day for some easy > and not-so-easy candidates :-) Right :) For what it's worth, sed survives a few thousand fuzz runs. I am using fuzz with kern.chroot_allow_non_suser enabled (don't use more permissions for anything than necessary...), but I think I'll set up a jail to run it in. Trusting running programs as root is hard, but even harder is trusting them with untrusted input ;) I'm gonna see what bugs I can find with fuzz in the non-gnu stuff, of course starting with your suggestions, and I'll post any specifics to -audit. I encourage anyone else who's looking for some useful things to do to join -audit, too! -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008012237580.98183-100000>