Certification (was RE: realpath(3) et al)
Robert Watson
rwatson at freebsd.org
Tue Aug 12 20:35:55 PDT 2003
The real upshot of all this, btw, is that security evaluation against the
CC and related specs will have very little relationship to closing bugs
associated with realpath(), et al. A source code auditing effort, funded
or otherwise, would still be extremely useful, but the goal would have to
be a more pragmatic "fewer bugs", and not a certification "Grade A
Security" :-).
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
More information about the freebsd-security
mailing list