From owner-freebsd-security Mon Feb 10 20:00:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA09858 for security-outgoing; Mon, 10 Feb 1997 20:00:19 -0800 (PST) Received: (from mpp@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA09848; Mon, 10 Feb 1997 20:00:07 -0800 (PST) From: Mike Pritchard Message-Id: <199702110400.UAA09848@freefall.freebsd.org> Subject: Re: Don't fulminate, be productive To: imp@village.org (Warner Losh) Date: Mon, 10 Feb 1997 20:00:07 -0800 (PST) Cc: marcs@znep.com, tqbf@enteract.com, freebsd-security@freebsd.org In-Reply-To: from "Warner Losh" at Feb 10, 97 02:15:22 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Warner Losh wrote: > > In message Marc Slemko writes: > : 90% of security holes are easy to find in stuff like FreeBSD right now. > : When the obvious ones get fixed, it will be more like 90% being hard to > : find. > > I'd wager that about 95% of the security problems in FreeBSD could > solved by going over the OpenBSD cvs logs carefully and applying > those patches. Theo and co have been very careful in their audits of > their programs. > > Warner As a warning to others. I basically blindly committed some security fixes to calendar from OpenBSD without much testing and found out that they didn't work as expected. Your milage may vary. -- Mike Pritchard mpp@FreeBSD.org "Go that way. Really fast. If something gets in your way, turn"