From owner-freebsd-security Tue Feb 18 01:06:51 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA15896 for security-outgoing; Tue, 18 Feb 1997 01:06:51 -0800 (PST)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA15582; Tue, 18 Feb 1997 01:04:48 -0800 (PST)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id BAA02472; Tue, 18 Feb 1997 01:04:46 -0800 (PST)
To: "Julian H. Stacey"
cc: security-officer@freebsd.org, security@freebsd.org, core@freebsd.org
Subject: Re: I guess we need to read all code, not just SUID stuff !
In-reply-to: Your message of "Mon, 17 Feb 1997 19:19:45 +0100." <199702171819.TAA02087@vector.jhs.no_domain>
Date: Tue, 18 Feb 1997 01:04:46 -0800
Message-ID: <2468.856256686@time.cdrom.com>
From: "Jordan K. Hubbard"
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> We presumably don't need to just read the SUID stuff,
> we need to read all 120M of src/ :-(

We need to read all 120M of src, and that project is already underway.
See http://www.freebsd.org/auditors.html for the latest roster.

Freefall has also been completely rebuilt and numerous measures taken.
Don't think we haven't thought of all the scenarios you raised and
probably a good 2 dozen you didn't. :-) There is no one more paranoid
than we are at the moment, and with unfortunate good reason.

Jordan