Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + ho

看板FB_security作者時間11年前 (2014/04/24 15:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串14/49 (看更多)
Den 24/04/2014 kl. 02.07 skrev Gary Palmer <gpalmer@freebsd.org>: > > I also think we're getting off topic. Any concrete steps people are > willing to take to make FreeBSD more secure? Well, the static analysis reports aren't totally useless, but we need some way of marking them as false positive or wontfix, so the effort isn't duplicated. Out of the 10.000 reports, a conservative guess is that at least 100 of them are real security issues. And they are public, so Mallory can just pick one now and write an exploit. A year ago, I did a raid on reports about not checking the return value of setuid() and friends, which did uncover real issues. Erik _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 erik+lists. 的文章
文章代碼(AID): #1JMBQktO (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 14 之 49 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共49篇)
更多 erik+lists. 的文章
文章代碼(AID): #1JMBQktO (FB_security)