FreeBSD Transient Memory problem?

Dag-Erling Smørgrav des at des.no
Fri Sep 13 10:17:36 UTC 2013


Lev Serebryakov <lev at FreeBSD.org> writes:
> In my experience, "Security audit" people, who could, for example, do
> PCI/DSS audit, are like this. So, yet, it is their level of
> competence, but you could not pass around them, if you want official
> PCI/DSS certification, for example. Did you see this epic thread on
> stackoverflow (or its devops/sysops counterpart) about "log file with
> every login of each user with password in clear text", for example?

That was the first thing that sprang to my mind as well.

scryptkiddy, you should tell them to read this:

http://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants

I've been in a similar situation myself.  The JITC audited a customer's
product for IPv6 compliance and failed it because it did not put an ICMP
destination unreachable on the wire when neighbor discovery failed.
Note that the RFC *explicitly states* (but not in a normative section)
that this is not required when the error occurs on the originating node.

(the product in question did not run FreeBSD, but used an old version of
the FreeBSD IPv6 stack)

They had other idiotic requirements that we were able to work around,
and found one genuine but benign bug that had already been fixed in
FreeBSD.

DES
-- 
Dag-Erling Smørgrav - des at des.no

