Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!news.maxwell.syr.edu!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!howland.erols.net!feed1.news.erols.com!news.enteract.com!tqbf
From: tqbf@char-star.rdist.org (Thomas H. Ptacek)
Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix
Subject: Re: Careless integration of others' code (WAS Re: Why no addusr?)
Date: 16 Feb 1997 08:24:54 GMT
Organization: EnterAct, L.L.C.
Lines: 29
Message-ID: <slrn5gdh3g.cne.tqbf@char-star.rdist.org>
References: <none-ya023480001912962244220001@news.infi.net> <DERAADT.97Feb14205132@zeus.pacifier.com> <5e52dj$c8p@news.bayarea.net> <DERAADT.97Feb15155022@zeus.pacifier.com> <5e5vkb$d89@panix2.panix.com>
Reply-To: tqbf@enteract.com
NNTP-Posting-Host: char-star.rdist.org
X-Newsreader: slrn (0.9.1.1 BETA UNIX)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5391 comp.security.unix:31779

15 Feb 1997 22:40:59 -0500 tls@panix.com:
>You hold OpenBSD up as a paragon of security, and yet integrate critical

It seems to me that by saying "You claim OpenBSD is secure, and yet...",
you're questioning fact. OpenBSD's claim to enhanced security relative to
other 4.4BSD operating system projects is easily verifiable. OpenBSD and
NetBSD share a well understood code base. Compare the number of publicly
disclosed 4.4BSD-specific vulnerabilities that the BSDs have been
vulnerable to since the OpenBSD project started.

>I hate to think just what might be lurking in all those FSF tools that OpenBSD
>ships wholesale, unmodified. Or any of the other myriad new code that OpenBSD
>has integrated from any number of external sources?

Can you actually document an instance of OpenBSD introducing a security
hole as a result of merging in external changes or programs? Can you
actually document evidence that NetBSD or FreeBSD puts any more effort
into auditing FSF integrations than OpenBSD?

...or do you simply intend to hurl accusations at the work of the OpenBSD
developers?

--
----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
exit(main(kfp->kargc, argv, environ));