version 1.28, 1998/02/24 00:30:49 |
version 1.29, 1998/02/24 00:53:56 |
|
|
many bugs, and endeavor to simply fix them even though exploitability |
many bugs, and endeavor to simply fix them even though exploitability |
is not proven. We have fixed many simple and obvious careless |
is not proven. We have fixed many simple and obvious careless |
programming errors in code and then only months later discovered that |
programming errors in code and then only months later discovered that |
the problems were in fact exploitable. This proactive auditing |
the problems were in fact exploitable. In other cases we have been |
|
saved from full exploitability of complex step-by-step attacks because |
|
we had fixed one of the steps. An example of where we did this is the |
|
<a href=www.secnet.com/sni-advisories/sni-19.bsd.lpd.advisory.html> |
|
lpd advisory from |
|
Secure Networks.</a><p> |
|
|
|
This proactive auditing |
process has really paid off. Statements like ``This problem was fixed |
process has really paid off. Statements like ``This problem was fixed |
in OpenBSD about 6 months ago'' have become commonplace in security |
in OpenBSD about 6 months ago'' have become commonplace in security |
forums like <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
forums like <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
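Review bot: The new anchor for the lpd advisory uses href=www.secnet.com/sni-advisories/sni-19.bsd.lpd.advisory.html with no scheme, so a browser resolves it as a path relative to this page's own directory and the link will not reach the Secure Networks advisory. Prefix it with http://, as the BUGTRAQ link in the same paragraph already does. Since this sentence is the page's one concrete example of a fix that blocked a later exploit, a working reference matters here.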
|
|
If a problem is proven and serious, a patch will be available |
If a problem is proven and serious, a patch will be available |
here very shortly after. |
here very shortly after. |
<li>Track our current source code tree, and teach yourself how to do a |
<li>Track our current source code tree, and teach yourself how to do a |
complete system build from time to time. Make the assumption |
complete system build from time to time (read /usr/src/Makefile |
that the current source tree always has stronger security. |
carefully). Users can make the assumption that the current |
<li>Install a binary <a href=snapshots.html>snapshots</a>, which are |
source tree always has stronger security than the previous release. |
made available fairly often. |
<li>Install a binary <a href=snapshots.html>snapshot</a> for your |
|
architecure, which are made available fairly often. For |
|
instance, an i386 snapshot is typically made available weekly. |
</ul> |
</ul> |
|
|
<p> |
<p> |
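Review bot: In the rewritten snapshot item, "architecure" is misspelled (should be "architecture"), and changing the link text to the singular "snapshot" leaves "a binary snapshot for your architecture, which are made available fairly often" with a number mismatch. Either keep "snapshots ... which are" or reword to "snapshot ... ; these are made available fairly often". The added pointer to /usr/src/Makefile is helpful, but "carefully" gives no hint of what to look for; naming the build steps or targets the reader should follow would make the advice actionable.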