realpath(3) et al
Wlodek
wwk761 at telus.net
Mon Aug 11 14:45:40 PDT 2003
count me in as well
/r/
wlodek
----- Original Message -----
From: "Devon H. O'Dell" <dodell at sitetronics.com>
To: "'Mike Hoskins'" <mike at adept.org>; <security at freebsd.org>
Sent: Monday, August 11, 2003 2:11 PM
Subject: RE: realpath(3) et al
I don't have jewels flowing out of my pockets, so to speak, but I'd be
interested in contributing time/money in this sort of endeavor as well. I'm
tired of people not taking the stability and security very seriously.
Kind regards,
Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz
> -----Oorspronkelijk bericht-----
> Van: owner-freebsd-security at freebsd.org [mailto:owner-freebsd-
> security at freebsd.org] Namens Mike Hoskins
> Verzonden: Monday, August 11, 2003 11:08 PM
> Aan: security at freebsd.org
> Onderwerp: realpath(3) et al
>
>
> First, I hope that this message is not considered flame bait. As someone
> who has used FreeBSD for for 5+ years now, I have a genuine interest in
> the integrity of our source code.
>
> Second, I hope that this message is not taken as any form of insult or
> finger pointing. Software without bugs does not exist, and I think we all
> know that. Acknowledging that point and working to mitigate the risks
> associated with it would seem to be our only real option.
>
> That said, every time something like the recent realpath(3) issue comes
> to light, I find myself asking why I haven't at least tried to do more to
> review our source code or (more desirable) enable 3rd-party audits.
>
> My question is... If enabling a 3rd-party audit for some target release
> (5.3+ I'd assume) is desirable, what would be needed money-, time- and
> other-wise? I'm willing to invest both time and money to make this
> happen. I'd expect such an endeavor to be tedious and expensive... and,
> of course, it would really need to be repeated occasionally to be of real
> value. (Probably, at least, after major version number changes.)
> However, perhaps doing an audit of the base system now would help our
> image in the security community?
>
> All I know is, despite occasional arguments and rants, I like FreeBSD.
> As long as it exists, I plan to have it installed... So it is in my best
> interest to help in any way I can. I know projects like secure/trustedBSD
> exist, but I am really looking for ways to promote the trust of the base
> system more than specialized projects/branches.
>
> Thoughts?
>
> -mrh
>
> --
> From: "Spam Catcher" <spam-catcher at adept.org>
> To: spam-catcher at adept.org
> Do NOT send email to the address listed above or
> you will be added to a blacklist!
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-
> unsubscribe at freebsd.org"
_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list