FreeBSD Transient Memory problem?

Julian Elischer julian at freebsd.org
Sat Sep 14 02:43:38 UTC 2013 

On 9/14/13 10:40 AM, Julian Elischer wrote:
> On 9/14/13 5:03 AM, John Baldwin wrote:
>> On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
>>> Well stated Gary.
>>>
>>> I need to divulge more information it appears. The reason I'm 
>>> unable to
>>> effectively fight the semantic game, and not pay the auditors, 
>>> etc. etc. is
>>> because the auditors are the DoD. We work for a private company 
>>> that's
>>> contracted out to provide services to the DoD. But we still have 
>>> to pass
>>> their inspections. As you all know, the DoD does not exactly see 
>>> things in
>>> anything but black and white.
>>>
>>> So yes, my management is freaked out because the DoD auditors 
>>> (paid for by
>>> the DoD btw) are finding issues that we have to resolve to keep the
>>> contract going. That's why my hands are tied. I'll give them 
>>> credit though,
>>> they are allowing me to demonstrate FreeBSD's capability in this 
>>> manner by
>>> providing documentation since FreeBSD does not have the cert. 
>>> Thats the
>>> first non-black and white auditor check I've seen in years.
>>>
>>> We have lots of time and efforts invested in our architecture 
>>> which is
>>> based on FreeBSD and thats why we're fighting to keep it, hence 
>>> the start
>>> of this post.
>>>
>>> Thanks again for all the insights, I'll keep ya up to date. We 
>>> have another
>>> month or so to work this, so we're still formulating an initial 
>>> response.
>> I think the sensible thing they are looking for is that new pages 
>> don't leak
>> data between processes, not anything to do with malloc zeroing, 
>> etc.  FreeBSD
>> definitely does do this.  However, the "right" answer is probably 
>> that you
>> will have to pay to have the version of FreeBSD you are currently 
>> using
>> audited.
>
> this will probably be a lot cheaper than changing to Linux at this 
> point.

It is possible you could ask the FreeBSD Foundation if they would put 
up some of the cash
as a project.. it may be generally useful.

>
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to 
> "freebsd-security-unsubscribe at freebsd.org"
>
>

More information about the freebsd-security mailing list