Date: Thu, 09 Dec 1999 16:51:53 -0500 (EST)
From: Mike Heffner
To: "Ilmar S. Habibulin"
Subject: RE: question to auditors
Cc: freebsd-security@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG

On 09-Dec-99 Ilmar S. Habibulin said:
|
| I'm wondering what do you guys search in the sources. I know that there
| are some functions like gets(), which don't check bounds of arrays, and
| possible problems with setuid/setgid bits. So I have some questions like:
|
| - what is the full list of risky functions
| - what else could be a threat to security, integrity or functionality of
|   some application
| - or where can I find full answers to my maybe stupid questions
|

There's a short list of some trouble spots at:

http://www.freebsd.org/security/

as well as other links to security-related sites.

---------------------------------
Mike Heffner
Fredericksburg, VA ICQ# 882073
Date: 09-Dec-99 Time: 16:50:04
---------------------------------