Den 24/04/2014 kl. 02.07 skrev Gary Palmer <[email protected]>: > > I also think we're getting off topic. Any concrete steps people are > willing to take to make FreeBSD more secure?
Well, the static analysis reports aren't totally useless, but we need some way of marking them as false positive or wontfix, so the effort isn't duplicated. Out of the 10.000 reports, a conservative guess is that at least 100 of them are real security issues. And they are public, so Mallory can just pick one now and write an exploit. A year ago, I did a raid on reports about not checking the return value of setuid() and friends, which did uncover real issues. Erik _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
