FreeBSD Transient Memory problem?

Julian Elischer julian at freebsd.org
Sat Sep 14 02:41:13 UTC 2013


On 9/14/13 5:03 AM, John Baldwin wrote:
> On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
>> Well stated Gary.
>>
>> I need to divulge more information it appears. The reason I'm unable to
>> effectively fight the semantic game, and not pay the auditors, etc. etc. is
>> because the auditors are the DoD. We work for a private company that's
>> contracted out to provide services to the DoD. But we still have to pass
>> their inspections. As you all know, the DoD does not exactly see things in
>> anything but black and white.
>>
>> So yes, my management is freaked out because the DoD auditors (paid for by
>> the DoD btw) are finding issues that we have to resolve to keep the
>> contract going. That's why my hands are tied. I'll give them credit though,
>> they are allowing me to demonstrate FreeBSD's capability in this manner by
>> providing documentation since FreeBSD does not have the cert. That's the
>> first non-black and white auditor check I've seen in years.
>>
>> We have lots of time and effort invested in our architecture which is
>> based on FreeBSD and that's why we're fighting to keep it, hence the start
>> of this post.
>>
>> Thanks again for all the insights, I'll keep ya up to date. We have another
>> month or so to work this, so we're still formulating an initial response.
> I think the sensible thing they are looking for is that new pages don't leak
> data between processes, not anything to do with malloc zeroing, etc.  FreeBSD
> definitely does do this.  However, the "right" answer is probably that you
> will have to pay to have the version of FreeBSD you are currently using
> audited.

This will probably be a lot cheaper than changing to Linux at this point.
