Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!newspump.sol.net!feeder.chicago.cic.net!news.sba.com!pacifier!downsj From: downsj@threadway.teeny.org (Jason Downs) Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix Subject: Re: OpenBSD hides security fixes (and blindly integrates code) Date: 16 Feb 1997 10:38:33 GMT Organization: OpenBSD Lines: 41 Message-ID: <5e6o39$6am@news.pacifier.com> References: <none-ya023480001912962244220001@news.infi.net> <5e69v0$1u4@news.bayarea.net> <DERAADT.97Feb16012623@zeus.pacifier.com> <5e6mjn$q3n@panix2.panix.com> NNTP-Posting-Host: teenyrtr.pacifier.com Cc: Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5398 comp.security.unix:31793 In article <5e6mjn$q3n@panix2.panix.com>, Thor Lancelot Simon <tls@rek.tjls.com> wrote: ]In article <DERAADT.97Feb16012623@zeus.pacifier.com>, ]Theo de Raadt <deraadt@theos.com> wrote: ]>I'll bet you don't. ] ]No, he doesn't. Neither do I. In fact, we beat this to death internally, and ]I don't really think anyone's glad that it happened. On the other hand, quite ]a few people expressed surprise that said #ifndef made it into OpenBSD, since ]that pretty clearly indicates that said code was integrated _without anyone ]ever even reading it_ -- rather a stunner, for an operating system which ]claims to have security as one of its primary goals. So you're saying that in the future NetBSD plans to commit outright security holes to the arch-dependant portions of their tree? The issue of how it got into the OpenBSD tree isn't particularly relevant; only that it was inserted into the NetBSD tree in the first place. If you care to look at (what I believe is) the relevant commit: ---------------------------- revision 1.5 date: 1996/10/30 22:38:13; author: niklas; state: Exp; lines: +383 -438 Merge to NetBSD 961020. Retained our kernel APIs where NetBSD has changed. -Wall -Wstrict-prototypes -Wmissing-prototypes too. ---------------------------- That is, +383 lines and -438 lines. That certainly sounds like a rather large amount of changes; obviously, the hope of commiting the #ifndef to NetBSD was that it would slip by. It did so, since no one (especially niklas) was expecting such an incredibly petty thing out of the NetBSD Project at the time. Of course, now we do. -- Jason Downs downsj@teeny.org --> teeny.org: Free Software for a Free Internet <-- http://www.teeny.org/ Little. Yellow. Secure. http://www.openbsd.org/