Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Aug 1999 18:29:20 +1000 (EST)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        imp@village.org (Warner Losh)
Cc:        avalon@coombs.anu.edu.au, gill@topsecret.net, tomb@securify.com, andrewr@slack.net, freebsd-security@FreeBSD.ORG
Subject:   Re: "Secure-FreeBSD" Idea
Message-ID:  <199908130829.SAA25334@cheops.anu.edu.au>
In-Reply-To: <199908130714.BAA08901@harmony.village.org> from "Warner Losh" at Aug 13, 99 01:14:44 am

next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Warner Losh, sie said:
> 
> In message <199908130431.OAA23238@cheops.anu.edu.au> Darren Reed writes:
> : NetBSD's primarily goal is stability and portability although they seem
> : to discover new security problems more often than OpenBSD people do. By
> : that I mean problems which involve more than program X having a new buffer
> : overflow problem.
> 
> Are you counting the hundreds of buffer overflows that OpenBSD fixed
> to begin with?  I've seen many many many more buffer overflows from
> OpenBSD than from NetBSD.

No, but then buffer overflows don't really interest me.  They're not hard
to find, fix or exploit.  Nor are they `new'.  OpenBSD's audit didn't find
the recent profil(2) bug, which the NetBSD folks did.

There are many types of security problems, and those OpenBSD have been
addressing, whilst essential and very worthy, have been simple to spot
and solve.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908130829.SAA25334>