Date: Thu, 5 Oct 2000 00:00:44 -0700
From: "David O'Brien" <obrien@FreeBSD.ORG>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001005000044.C56495@dragon.nuxi.com>
In-Reply-To: <20001004231126.T27736@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Oct 04, 2000 at 11:11:26PM -0700
References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net> <20001004221921.F50210@dragon.nuxi.com> <20001004231126.T27736@fw.wintelcom.net>

On Wed, Oct 04, 2000 at 11:11:26PM -0700, Alfred Perlstein wrote:
> The kernel is one giant program and keeping it in relative sync is
> hard. (let's avoid the problems we had with 3.x)
>
> The kernel is more complex than userland, but since it's mostly

Yes, and since it is hard, it should not be rushed. (Not that we've done
a very good job of MFC'ing into RELENG_4). This thread has the common
theme of being cautious.

> self contained and doesn't do a lot of string parsing (which is
> where the majority of these vulnerabilities occur) it is actually
> easier to see what's going on, at least for me.

ONLY for one class of vulnerabilities -- buffer overflows. What about
the easy to guess sequence numbers? Or the whole class of denial of
service. There are more vulnerabilities in the world than just buffer
overflows.

> The complexity of the kernel forces you to understand a great deal
> more about the internal interactions of various subsystems.

And I can point to a few MFC that happened too fast in kernel code that
caused real problems -- even in RELENG_4.

> We _can_ back things out and we do have a good track record of
> restabilizing once a problem is found.

IMHO, nothing MFC'ed into -stable should ever need to be backed out. IF
the need arises that means we did a very poor job of MFC'ing.

--
-- David (obrien@FreeBSD.org)