RE: realpath(3) et al

From: Devon H. O'Dell (dodell_at_sitetronics.com)
Date: 08/12/03

  • Next message: Peter Jeremy: "Re: realpath(3) et al" 
    To: <security@freebsd.org>
Date: Tue, 12 Aug 2003 11:02:16 +0200

    Is there a list of these bugs available anywhere? If not, what software is
    recommended to import, keep track of, and document these bugs?

    Features such as a protected stack should, IMO, be implemented as soon as
    possible to keep FreeBSD heads-afloat right now in the security sense....
    OpenBSD has implemented this already and there are many patches for Linux to
    do the same... why don't we go ahead and shove some of this code into CVS?

    Should I go ahead and start this up? If so, what are some ideas of things I
    might like to put on it?

    Kind regards,

    Devon H. O'Dell
    Systems and Network Engineer
    Simpli, Inc. Web Hosting
    http://www.simpli.biz

    > -----Oorspronkelijk bericht-----
    > Van: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-
    > security@freebsd.org] Namens Simon L. Nielsen
    > Verzonden: Tuesday, August 12, 2003 10:56 AM
    > Aan: Mike Hoskins
    > CC: security@freebsd.org
    > Onderwerp: Re: realpath(3) et al
    >
    > On 2003.08.11 16:34:40 -0700, Mike Hoskins wrote:
    >
    > > Wasn't there a page (maybe there still is...) showing sections of the
    > base
    > > system as 'assigned' to certain individuals, with contact info listed?
    > I
    > > think it was pretty stale for awhile, but maybe something similar could
    > be
    > > revived and maintained. If it already is, great!
    >
    > There is http://www.freebsd.org/auditors.html but it hasn't been updated
    > for
    > a very long time.
    >
    > BTW, if anybody really wants to start up the audit project again, I
    > think somebody should take a look at integrating some of the changes
    > OpenBSD has made. No reason to spend time finding the bugs OpenBSD has
    > already fixed.
    >
    > --
    > Simon L. Nielsen
    > FreeBSD Documentation Team

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Peter Jeremy: "Re: realpath(3) et al"

    Relevant Pages

    • Fwd: Theos presentation on exploit prevention
      ... Some interesting comments on pro-active security appeared on the daily ... depiction we keep wondering when the OpenBSD Team will eventually learn ... about the clever attacker that is exploiting more than buffer overflows. ... the kernel (and the nice bugs in it). ...
      (Bugtraq)
    • [Full-Disclosure] Fwd: Theos presentation on exploit prevention
      ... Some interesting comments on pro-active security appeared on the daily ... depiction we keep wondering when the OpenBSD Team will eventually learn ... about the clever attacker that is exploiting more than buffer overflows. ... the kernel (and the nice bugs in it). ...
      (Full-Disclosure)
    • Fwd: Theos presentation on exploit prevention
      ... Some interesting comments on pro-active security appeared on the daily ... depiction we keep wondering when the OpenBSD Team will eventually learn ... about the clever attacker that is exploiting more than buffer overflows. ... the kernel (and the nice bugs in it). ...
      (Full-Disclosure)
    • Re: Is this list still active?
      ... >monastic review process that takes top people. ... I don't quite share your optimism, and neither does the OpenBSD team. ... make it harder to exploit many classes of bugs. ... Oh, absolutely, but code review should be the last step in a lengthy, ...
      (SecProg)
    • Re: recommend Linux firewalls for non-profit
      ... > on OpenBSD not linux, do you think it would still as susecptable? ... overflow conditions exist due to bugs in the code, ... potential problem rather than resorting to name calling. ...
      (comp.os.linux.security)