"TrustedBSD" addons

Paul Robinson paul at iconoplex.co.uk
Tue Jun 29 13:14:07 PDT 2004


On Tue, Jun 29, 2004 at 01:40:35PM -0500, Kevin Lyons wrote:

> Well, point being that more layers/lines of code added, the more
> potential vulnerabilities. 

Myth. Which is more vulnerable to attack - the kernel that gets compiled 
when you build GENERIC, or a few lines that strcpy's some input received 
over a socket running as root?

LOC is about as effective a measure of potential vulnerabilities as it is a 
measure of how productive a developer is or the quality of the design 
process - i.e. it's useless and the myth has been thrown around for god 
knows how long by people who really should know better.*

Well-written code is well-written, no matter how many lines long it is.
Ditto for badly-written code. I've seen 20-liners that could be broken by a 
competent 13-year-old, and 20,000-liners that were impregnable. I am not 
alone.

> I don't think we can say the FreeBSD or
> TrustedBSD developers are any more exploit immune than other folks.

Based on the number of security announcements over the last 5 years, I could 
argue very convincingly that the FreeBSD and TrustedBSD developers are far 
more exploit immune than the Microsoft OS developers.

Of course, it would be complete bullshit, but that's not the point. :-)
 
> Not ranting/trolling.  Thanks for the info, that is good.  As I said, I
> have not installed/configured it yet.  I have been noticing feaping
> creaturism in freebsd as of late so I was simply concerned about it.

"Of late"? You've *JUST* noticed? Wow. :-)

* - yes, I know. I expect this now to explode into a silly thread. People 
really should know better.
 
-- 
Paul Robinson
http://www.iconoplex.co.uk/


More information about the freebsd-chat mailing list