Date: Wed, 05 May 1999 00:56:23 -0600 From: Warner Losh <imp@harmony.village.org> To: Unknow User <kernel@tdnet.com.br> Cc: security@FreeBSD.ORG Subject: Re: Security advisories Message-ID: <199905050656.AAA08261@harmony.village.org> In-Reply-To: Your message of "Tue, 04 May 1999 19:56:36 -0300." <372F7B24.E352AEFF@tdnet.com.br> References: <372F7B24.E352AEFF@tdnet.com.br> <372E4911.3A384379@tdnet.com.br> <199905042049.OAA04590@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <372F7B24.E352AEFF@tdnet.com.br> Unknow User writes: : You really helped me, but where can i get such fixes? : Is there any central site? Yes. You willl likely want to keep current with at least the kernel portion of -stable. Fixes are committed there from time to time. Sometimes these have security implications, other times they don't. It is hard to know a-priori which ones will result in a potentially exploitable DoS, and which ones won't. The committers generally don't send me a heads up when it could. Often times it is months later that an exploit comes to light. See the handbook section on keeping current with FreeBSD for details on how to get the latest stable branch. : When a user deletes a file, the OS only removes its inode, is there any : utils that writes 1/0 to the Hard Disk blocks ? Not that I'm aware of. The OS will never give those "dirty" blocks to a user w/o first zeroing them. They are still available on the raw device should you have good reason to expunge them from the disk. : And about memory, is there any utils that fill in memory with 1/0 ? No. Again, the OS doesn't give out dirty memory pages, so this generally isn't a problem. The only time it might be a problem is if a user breaks root and starts snooping in memory. However, if that happens, the active memory can be targeted and you likely have bigger problems to worry about. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199905050656.AAA08261>