[Gloucs] February's Presentation - this Tuesday

Guy Edwards gloucs at mailman.lug.org.uk
Mon Feb 24 19:06:02 2003


On Mon, 2003-02-24 at 18:50, Mark wrote:
> 
> > What about OpenBSD, they audit their code for security bugs regularly,
> > so they fix them before they become a problem. They call this
> > 'proactive'
> 
> I'd love to not chuckle there, Will, but if I had anywhere near the
> authority to release the BSD kernel code vulns then I would bring them
> tomorrow; however, that's a matter for the PHC to release... look out for
> it in the next 6 months, along with a number of other turns at ring-0
> exploits.

(For people that don't have enough time to google:
PHC = Phrack High Council
ring-0 = full access to the computer's resources)

Aren't there always undisclosed vulnerabilities waiting to be patched
and announced though? I seem to remember all the Linux vendors getting
very upset when Red Hat accidentally released a patch early that was
supposed to be kept quiet in co-operation with all the other
distribution vendors for a set release date.

Also, I thought the OpenBSD guys were the ones that did a massive (long
term) code freeze just to look for and fix potential security
vulnerabilities and ended up with one of the most secure lumps of code
there is?

Guy