Date: Mon, 11 Aug 2003 23:11:46 +0200
From: "Devon H. O'Dell" <dodell@sitetronics.com>
To: "'Mike Hoskins'" <mike@adept.org>, <security@freebsd.org>
Subject: RE: realpath(3) et al
Message-ID: <000501c3604d$314639a0$9f8d2ed5@internal>
In-Reply-To: <20030811133749.U27196@fubar.adept.org>
I don't have jewels flowing out of my pockets, so to speak, but I'd be
interested in contributing time/money in this sort of endeavor as well.
I'm tired of people not taking the stability and security very seriously.

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On behalf of Mike Hoskins
> Sent: Monday, August 11, 2003 11:08 PM
> To: security@freebsd.org
> Subject: realpath(3) et al
>
>
> First, I hope that this message is not considered flame bait. As someone
> who has used FreeBSD for 5+ years now, I have a genuine interest in
> the integrity of our source code.
>
> Second, I hope that this message is not taken as any form of insult or
> finger pointing. Software without bugs does not exist, and I think we all
> know that. Acknowledging that point and working to mitigate the risks
> associated with it would seem to be our only real option.
>
> That said, every time something like the recent realpath(3) issue comes
> to light, I find myself asking why I haven't at least tried to do more to
> review our source code or (more desirable) enable 3rd-party audits.
>
> My question is... If enabling a 3rd-party audit for some target release
> (5.3+ I'd assume) is desirable, what would be needed money-, time- and
> other-wise? I'm willing to invest both time and money to make this
> happen. I'd expect such an endeavor to be tedious and expensive... and,
> of course, it would really need to be repeated occasionally to be of real
> value. (Probably, at least, after major version number changes.)
> However, perhaps doing an audit of the base system now would help our
> image in the security community?
>
> All I know is, despite occasional arguments and rants, I like FreeBSD.
> As long as it exists, I plan to have it installed... So it is in my best
> interest to help in any way I can. I know projects like secure/trustedBSD
> exist, but I am really looking for ways to promote the trust of the base
> system more than specialized projects/branches.
>
> Thoughts?
>
> -mrh
>
> --
> From: "Spam Catcher" <spam-catcher@adept.org>
> To: spam-catcher@adept.org
> Do NOT send email to the address listed above or
> you will be added to a blacklist!
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"