Date: Thu, 23 Jul 1998 23:37:55 -0400 (EDT)
From: Thomas Valentino Crimi
To: security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
In-Reply-To: <98Jul23.122048est.40333@border.alcanet.com.au>
References: <98Jul23.122048est.40333@border.alcanet.com.au>

Checking the FreeBSD site, there is already a published list of "Programmer Do's and Don'ts" at http://www.freebsd.org/security/programmers.html . This includes a list of extra things to look for when auditing code. I think I'm going to begin taking people up on this, beginning with the smaller utilities (which may turn up little or nothing) and moving on up. Ports seem to be the bigger culprits.. and FreeBSD being able to claim more secure versions than even the standard distribs can only give up extra points.

If this takes off, Freebsd-audit would be an excellent idea. At the moment, who would be the 'more experienced' people to talk to if I were to find something in need of a patch? I have a good understanding of the issues involved, but this would be my first venture in touching FreeBSD proper, so I of course want some watchful eye over me. ;) Is send-pr enough to bring it to attention?