Re: Certification (was RE: realpath(3) et al)
From: Robert Watson (rwatson_at_freebsd.org)
Date: 08/13/03
- Previous message: Robert Watson: "Re: Certification (was RE: realpath(3) et al)"
- In reply to: Robert Watson: "Re: Certification (was RE: realpath(3) et al)"
- Next in thread: Mike Hoskins: "Re: Certification (was RE: realpath(3) et al)"
- Reply: Mike Hoskins: "Re: Certification (was RE: realpath(3) et al)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Aug 2003 23:35:29 -0400 (EDT) To: twig les <twigles@yahoo.com>
The real upshot of all this, btw, is that security evaluation against the
CC and related specs will have very little relationship to closing bugs
associated with realpath(), et al. A source code auditing effort, funded
or otherwise, would still be extremely useful, but the goal would have to
be a more pragmatic "fewer bugs", and not a certification "Grade A
Security" :-).
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org Network Associates Laboratories
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Robert Watson: "Re: Certification (was RE: realpath(3) et al)"
- In reply to: Robert Watson: "Re: Certification (was RE: realpath(3) et al)"
- Next in thread: Mike Hoskins: "Re: Certification (was RE: realpath(3) et al)"
- Reply: Mike Hoskins: "Re: Certification (was RE: realpath(3) et al)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
