At 14:13 02/12/00 -0500, Truman Boyes wrote:
>On Fri, 1 Dec 2000, mouss wrote:
>Somewhere in here I missed the point. NetBSD introduces much new code into
>the tree everyday. Fine. How much of it makes its way into FreeBSD and
>OpenBSD ? The drivers usually. So what is this process ? People read the
>code and see if it is something that should be integrated into a
>particular OS.
I was talking about the fact that netbsd is a "hype-away". if you forget about
device drivers, code gets in when it is judged well architected (I recognize
that this is theory and there are exceptions, but I prefer people who have a
better theory).
anyway, I like openbsd practice and code.
>And the benefit of running an OpenSource operating system is that there
>are people who audit. As you said you are not going to spend time
>auditing. And you don't have to, if you believe in the team.
Which is great and appreciated.
>Unix has problems. But if you want to run it, you have to follow standards
>when writing code. The majority of unix exploits can be blamed on
>stdio. This has very little to do with the particular OS, and more to do
>with proper coding techniques and the right mindset. In a multiuser OS
>your mindset has to be more paranoid than focused on 'just making it
>work'. This is what OpenBSD has initiated, and what other groups are
>learning from.
once again, it's a thing I appreciate a lot. in a previous life, I was asked
to port swipe to BSDi, but I've fortunately met OpenBSD IPSec code, and
that was not only easier but also the right thing to do.
>You're right; a quick search on 'ftpd' will yield numerous exploits over the
>years. And this many years later, I would not put it past some hacker
>finding a buffer or heap overflow in it. This is a classic example of a
>program that should have been redesigned. It was, and it was done by
>OpenBSD team. It was then appreciated so much that a group ported it to
>Linux.
>
>Why is Linux considered insecure ? Because the distributions of it are
>many with different directions and they appreciate new code being
>integrated into the tree. This is new code that has not been
>audited.
yes, but I think they are more about having fun(ctionality) than having the
right thing. linux dists follow a random architecture where everyone seems
to add his code, just because it works. Do not misunderstand me. I appreciate
this too, cos' this brings new functionalities soon. I simply don't rely on it.
(and I also don't happen to like many of the choices, but that's personal
matters...).
BTW I just formatted my last linux-aware system, so I now only have
*BSD and win98 (what a shame...)
>The security company that I work for does e-commerce
>hosting. Customers are not allowed to introduce JSP/ASP/servlet/cgi-bin
>code onto their hosted sites until it has been analyzed and audited. Do
>you know the number of scripts and programs that are denied? Many. And
>these are written by top level programmers that forget about security.
well, I'd say that they are not top level if they forget about security.
but I guess you meant their concern is not security, so they code for
functionality, which is legitimate.
>My
>point: auditing is a process of security; not something you can overlook.
don't misunderstand me. I was not saying audit is bad. I was trying to say it's
not enough. In many places, a rewrite is the way, and in all cases, I'd be
happy to see a design document for things that are done or that are audited.
The fact that "some guy" has audited "some" code is of little use, if we don't
see a paper describing the audit, so that we know what he exactly checked,
and what the assumptions are.
I'm not criticizing the guys - who are really doing a good job. It's merely a
proposal to make things better.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]