[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

re: status debian/openbsd

   OpenBSD appears to be more heavily audited though. Maybe it's just
   appearance. You may have seen in the Debian Weekly News that I'm working
   on a rough audit project and in such I would like to say that security
   must include a heavy code audit.

i think 'appears' is a great word here.

from what i've seen over the years all of netbsd, freebsd and openbsd
have done 'code audits'.  infact, largely they've spread to all.. you
may notice that there are far fewer set-id programs in *bsd than ever

i know that i personally read pretty much all the netbsd libraries,
set-id programs, and network daemons, back in 1996 and while i found
and fixed a few holes, i missed a lot too.  code audit doesn't mean
that he bug was found... espcially after you've been reading 100 new
peices of code ....


Reply to: