Re: realpath(3) et al

From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 08/12/03

    Date: Mon, 11 Aug 2003 18:21:32 -0500
    To: Mike Hoskins <mike@adept.org>
    
    

    On Mon, Aug 11, 2003 at 02:08:27PM -0700, Mike Hoskins wrote:
    > First, I hope that this message is not considered flame bait. As someone
    > who has used FreeBSD for 5+ years now, I have a genuine interest in
    > the integrity of our source code.
    >
    > Second, I hope that this message is not taken as any form of insult or
    > finger pointing.

    No worries.

    > Software without bugs does not exist, and I think we all
    > know that. Acknowledging that point and working to mitigate the risks
    > associated with it would seem to be our only real option.

    Yes, we are all agreed here.

    > That said, every time something like the recent realpath(3) issue comes
    > to light, I find myself asking why I haven't at least tried to do more to
    > review our source code or (more desirable) enable 3rd-party audits.

    More people should ask themselves that :-) One can talk about auditing
    code, or one can do it.

    Even in projects where careful auditing has been the primary focus,
    things get missed. For example, OpenBSD missed this exact same bug
    and corrected it about the same time as everyone else.

    > My question is... If enabling a 3rd-party audit for some target release
    > (5.3+ I'd assume) is desirable, what would be needed money-, time- and
    > other-wise?

    People need to read code, that's all. You can share your code reading
    insights at freebsd-audit@freebsd.org, or if you believe it is
    sensitive, with security-team@freebsd.org.

    We _do_ already audit code, you know. FreeBSD-SA-03:09.signal was a
    result of my auditing, FreeBSD-SA-03:10.ibcs2 was a result of David's
    auditing. Also, many commits that are just `cleanup' are the result
    of a kind of `auditing'.

    What we perhaps lack is coordination. This is not easy in a volunteer
    environment, but perhaps something as simple as a `scoreboard' with
    `these files being audited/have been audited by whatsmyname' would be
    an improvement. On the other hand, in my experience, people are quick
    to volunteer and slow to follow up --- usually disappearing. :-( Of
    course, those that do follow up often become committers themselves :-)

    > I'm willing to invest both time and money to make this
    > happen. I'd expect such an endeavor to be tedious and expensive... and,
    > of course, it would really need to be repeated occasionally to be of real
    > value. (Probably, at least, after major version number changes.)
    > However, perhaps doing an audit of the base system now would help our
    > image in the security community?

    *shrug* I didn't know we had an image problem in the security
    community.

    Probably the single most effective way to get an audit done is to read
    the code :-)

    Cheers,

    -- 
    Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
    nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    
