Date: Thu, 23 Jul 1998 23:37:55 -0400 (EDT)
From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
To: security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <Api06H_00YUt17WF00@andrew.cmu.edu>
In-Reply-To: <98Jul23.122048est.40333@border.alcanet.com.au>
References: <98Jul23.122048est.40333@border.alcanet.com.au>

Checking the FreeBSD site, there is already a published list of "Programmer Do's and Don'ts" at http://www.freebsd.org/security/programmers.html; this includes a list of extra things to look for when auditing code. I think I'm going to begin taking people up on this, beginning with the smaller utilities (which may turn up little or nothing) and moving on up. Ports seem to be the bigger culprits.. and FreeBSD being able to claim more secure versions than even the standard distribs can only give up extra points. If this takes off, Freebsd-audit would be an excellent idea.

At the moment, who would be the 'more experienced' people to talk to if I were to find something in need of a patch? I have a good understanding of the issues involved, but this would be my first venture in touching FreeBSD proper, so I of course want some watchful eye over me. ;) Is send-pr enough to bring it to attention?