Date: Tue, 18 Feb 1997 01:04:46 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: "Julian H. Stacey" <jhs@freebsd.org> Cc: security-officer@freebsd.org, security@freebsd.org, core@freebsd.org Subject: Re: I guess we need to read all code, not just SUID stuff ! Message-ID: <2468.856256686@time.cdrom.com> In-Reply-To: Your message of "Mon, 17 Feb 1997 19:19:45 %2B0100." <199702171819.TAA02087@vector.jhs.no_domain>
next in thread | previous in thread | raw e-mail | index | archive | help
> We presumably don't need to just read the SUID stuff, > we need to read all 120M of src/ :-( We need to read all 120M of src, and that project is already underway. See http://www.freebsd.org/auditors.html for the latest roster. Freefall has also been completely rebuilt and numerous measures taken. Don't think we haven't thought of all the scenarios you raised and probably a good 2 dozen you didn't. :-) There is no one more paranoid that we are at the moment, and with unfortunate good reason. Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2468.856256686>