| version 1.28, 1998/02/24 00:30:49 |
version 1.29, 1998/02/24 00:53:56 |
|
|
| many bugs, and endeavor to simply fix them even though exploitability |
many bugs, and endeavor to simply fix them even though exploitability |
| is not proven. We have fixed many simple and obvious careless |
is not proven. We have fixed many simple and obvious careless |
| programming errors in code and then only months later discovered that |
programming errors in code and then only months later discovered that |
| the problems were in fact exploitable. This proactive auditing |
the problems were in fact exploitable. In other cases we have been |
| |
saved from full exploitability of complex step-by-step attacks because |
| |
we had fixed one of the steps. An example of where we did this is the |
| |
<a href=www.secnet.com/sni-advisories/sni-19.bsd.lpd.advisory.html> |
| |
lpd advisory from |
| |
Secure Networks.</a><p> |
| |
|
| |
This proactive auditing |
| process has really paid off. Statements like ``This problem was fixed |
process has really paid off. Statements like ``This problem was fixed |
| in OpenBSD about 6 months ago'' have become commonplace in security |
in OpenBSD about 6 months ago'' have become commonplace in security |
| forums like <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
forums like <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
|
|
| If a problem is proven and serious, a patch will be available |
If a problem is proven and serious, a patch will be available |
| here very shortly after. |
here very shortly after. |
| <li>Track our current source code tree, and teach yourself how to do a |
<li>Track our current source code tree, and teach yourself how to do a |
| complete system build from time to time. Make the assumption |
complete system build from time to time (read /usr/src/Makefile |
| that the current source tree always has stronger security. |
carefully). Users can make the assumption that the current |
| <li>Install a binary <a href=snapshots.html>snapshots</a>, which are |
source tree always has stronger security than the previous release. |
| made available fairly often. |
<li>Install a binary <a href=snapshots.html>snapshot</a> for your |
| |
architecure, which are made available fairly often. For |
| |
instance, an i386 snapshot is typically made available weekly. |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www