Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!news.kei.com!news.mathworks.com!panix!news.panix.com!not-for-mail
From: tls@panix.com (Thor Lancelot Simon)
Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix
Subject: Re: OpenBSD hides security fixes (and blindly integrates code)
Date: 16 Feb 1997 05:13:11 -0500
Organization: Panix
Lines: 31
Message-ID: <5e6mjn$q3n@panix2.panix.com>
References: <none-ya023480001912962244220001@news.infi.net> <DERAADT.97Feb15212032@zeus.pacifier.com> <5e69v0$1u4@news.bayarea.net> <DERAADT.97Feb16012623@zeus.pacifier.com>
Reply-To: tls@rek.tjls.com
NNTP-Posting-Host: panix2.panix.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5478 comp.security.unix:31943

In article <DERAADT.97Feb16012623@zeus.pacifier.com>,
Theo de Raadt <deraadt@theos.com> wrote:
>In article <5e69v0$1u4@news.bayarea.net> thorpej@baygate.bayarea.net (Jason R. Thorpe) writes:
>
>   While I don't approve of this hack being done,
>
>I'll bet you don't.

No, he doesn't.  Neither do I.  In fact, we beat this to death internally,
and I don't really think anyone's glad that it happened.

On the other hand, quite a few people expressed surprise that said #ifndef
made it into OpenBSD, since that pretty clearly indicates that said code was
integrated _without anyone ever even reading it_ -- rather a stunner, for an
operating system which claims to have security as one of its primary goals.

>   it raises the question
>   of whether OpenBSD can rightfully claim to be secure.
>
>Code which fails to boot has little to do with security.

What, as an abstract issue, as divorced from all others?  It may, or it may
not.  Certainly, code which is integrated into an operating system without
ever being examined has a *great deal* to do with security.

-- 
This space not left unintentionally unblank.
tls@rek.tjls.com
$OpenBSD: locore.s,v 1.5 1996/10/30: Blindly integrating source code,
$OpenBSD: locore.s,v 1.7 1997/01/24: so you can lose for 8 weeks.  "Sleep tight."