Date: Tue, 1 Aug 2000 22:41:12 -0400 (EDT)
From: Brian Fundakowski Feldman
To: Kris Kennaway
Cc: "Chris D. Faulhaber", cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/security/fuzz Makefile ports/security/fuzz/files md5 ports/security/fuzz/patches patch-aa ports/security/fuzz/pkg COMMENT DESCR PLIST

On Tue, 1 Aug 2000, Kris Kennaway wrote:

> See the preliminary list I posted to -audit the other day for some easy
> and not-so-easy candidates :-)

Right :) For what it's worth, sed survives a few thousand fuzz runs. I am
using fuzz with kern.chroot_allow_non_suser enabled (don't use more
permissions for anything than necessary...), but I think I'll set up a jail
to run it in. Trusting running programs as root is hard, but even harder is
trusting them with untrusted input ;)

I'm gonna see what bugs I can find with fuzz in the non-gnu stuff, of course
starting with your suggestions, and I'll post any specifics to -audit. I
encourage anyone else who's looking for some useful things to do to join
-audit, too!

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'