For auditors, sync to latest roster and start using the fancier tables

generated by jmb's little TCL script.  Now you can just click on categories
or auditor/reviewers to email them.

Incorporate comments from Keith Bostic on security, point to AUSCERT's
Unix Security Checklist.
This commit is contained in:
Jordan K. Hubbard 1997-02-19 13:49:11 +00:00
parent dbb07c9784
commit 2d0b664dc7
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=1188
4 changed files with 708 additions and 170 deletions

View file

@ -1,5 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-02-18 01:04:17 $">
<!ENTITY date "$Date: 1997-02-19 13:49:10 $">
<!ENTITY title "FreeBSD Auditing Project">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
@ -14,7 +14,7 @@
<H1>General Information</H1>
<em>Last Updated: $Date: 1997-02-18 01:04:17 $ </em>
<em>Last Updated: $Date: 1997-02-19 13:49:10 $ </em>
<H2>Overview</H2>
@ -84,9 +84,11 @@ into the <strong>2.1</strong> and <strong>2.2</strong> branches.
complex that I have turned it into a <a href="security.html">FreeBSD
Security Guide</a>. Please read this now if you haven't already.
Another excellent document is the <a
Other excellent documents are the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">
Secure Programming Checklist</a>, available from AUSCERT.
Secure Programming Checklist</a> and the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist">
Unix Security Checklist</a>, both available from AUSCERT.
<H2>Sign-Up sheet:</H2>
@ -109,24 +111,126 @@ auditors will be assuming that the other 10 items are handled!</P>
To sign up for something, please send mail to <a
href="mailto:jkh@FreeBSD.org"> jkh@FreeBSD.org</a>.
<P>
<TABLE border=2 cellpadding=3>
<TR><TH>Module</TH> <TH>Auditor(s)</TH> <TH>Reviewer(s)</TH> <TH>Status</TH>
<TR><TD>lib</TD> <TD>pst,ak</TD> <TD>jkh,dg,gvr,imp</TD> <TD>gvr</TD>
<TR><TD>libc</TD> <TD>ee</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>libdisk</TD> <TD>open</TD> <TD>phk,gvr</TD> <TD>Open</TD>
<TR><TD>libexec</TD> <TD>imp,crh,ee,witr</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>telnetd</TD> <TD>ac,dn</TD> <TD>imp,gvr</TD> <TD>Open</TD>
<TR><TD>bin</TD> <TD>ac,gvr,ee</TD> <TD>imp,md,gvr</TD> <TD>Open</TD>
<TR><TD>sbin</TD> <TD>taob,imp,ee,or</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>usr.sbin</TD> <TD>imp,rd,marc,ee,ejc,jm</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>usr.bin</TD> <TD>rb,rjk,rd,jha,ee,ky,bob,jm</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>eBones</TD> <TD>mrvm</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>secure</TD> <TD>mrvm,dc</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>games</TD> <TD>xaa,ab,ee</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>lkm</TD> <TD>dob</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>release</TD> <TD>open</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>contrib</TD> <TD>cg</TD> <TD>gvr</TD> <TD>Open</TD>
<P></P><TABLE BORDER="2" CELLPADDING="3">
<TR><TH>Module</TH><TH>Auditor(s)</TH><TH>Reviewer(s)</TH>
<TH>Status</TH></TR>
<TR><TD><A HREF="mailto:audit-bin@FreeBSD.ORG">bin</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:guido@FreeBSD.org">gvr*</A>
<A HREF="mailto:jehamby@lightside.com">jh</A>
<A HREF="mailto:top@bird.cris.net">ka</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-contrib@FreeBSD.ORG">contrib</A></TD>
<TD>
<A HREF="mailto:gryphon@healer.com">cg</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-eBones@FreeBSD.ORG">eBones</A></TD>
<TD>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-games@FreeBSD.ORG">games</A></TD>
<TD>
<A HREF="mailto:aaronb@j51.com">ab</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:xaa@stack.nl">xaa</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-init@FreeBSD.ORG">init</A></TD>
<TD>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lib@FreeBSD.ORG">lib</A></TD>
<TD>
<A HREF="mailto:apk@itl.waw.pl">ak</A>
<A HREF="mailto:nordquist@platinum.com">bjn</A>
<A HREF="mailto:pst@FreeBSD.org">pst*</A>
</TD>
<TD><A HREF="mailto:davidg@FreeBSD.org">dg*</A> <A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:jkh@FreeBSD.org">jkh*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libc@FreeBSD.ORG">libc</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libexec@FreeBSD.ORG">libexec</A></TD>
<TD>
<A HREF="mailto:henrich@crh.cl.msu.edu">crh</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:witr@rwwa.com">witr</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lkm@FreeBSD.ORG">lkm</A></TD>
<TD>
<A HREF="mailto:obrien@NUXI.com">dob</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-sbin@FreeBSD.ORG">sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:roberto@keltia.freenix.fr">or*</A>
<A HREF="mailto:taob@risc.org">tao</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-secure@FreeBSD.ORG">secure</A></TD>
<TD>
<A HREF="mailto:tenser@spitfire.ecsel.psu.edu">dc</A>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-telnetd@FreeBSD.ORG">telnetd</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:davidn@labs.usn.blaze.net.au">dn</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.bin@FreeBSD.ORG">usr.bin</A></TD>
<TD>
<A HREF="mailto:bob@luke.pmr.com">bob</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:jha@cs.purdue.edu">jha</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">ky*</A>
<A HREF="mailto:rbezuide@oskar.nanoteq.co.za">rb</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
<A HREF="mailto:rjk@grauel.com">rjk</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.sbin@FreeBSD.ORG">usr.sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:ejc@gargoyle.bazzle.com">ejc</A>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:marcs@znep.com">marc</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
</TABLE>
<H2>Auditor/Reviewer keys</H2>
@ -141,65 +245,187 @@ reach just the auditors & reviewers for a specific category, say
<a href="mailto:audit-usr.sbin@FreeBSD.org">
audit-<strong>usr.sbin</strong>@FreeBSD.org</a>.</P>
<TABLE cellpadding=2>
<TR><TH>Key</TH> <TH>Auditor/Reviewer Name and Email address</TH>
<TR><TD>ab</TD> <TD>Aaron Bornstein <a href="mailto:aaronb@j51.com">aaronb@j51.com</a></TD>
<TR><TD>ac</TD> <TD>Adrian Chadd <a href="mailto:adrian@psinet.net.au">adrian@psinet.net.au</a></TD>
<TR><TD>ak</TD> <TD>Adam Kubicki <a href="mailto:apk@itl.waw.pl">apk@itl.waw.pl</a></TD>
<TR><TD>am</TD> <TD>Albert Mietus <a href="mailto:albert@gamp.hacom.nl">albert@gamp.hacom.nl</a></TD>
<TR><TD>avk</TD> <TD>Alexander V. Kalganov <a href="mailto:top@sonic.cris.net">top@sonic.cris.net</a></TD>
<TR><TD>bb</TD> <TD>Bob Bishop <a href="mailto:rb@gid.co.uk">rb@gid.co.uk</a></TD>
<TR><TD>bob</TD> <TD>Bob Willcox <a href="mailto:bob@luke.pmr.com">bob@luke.pmr.com</a></TD>
<TR><TD>btm</TD> <TD>Brian T. Michely <a href="mailto:brianm@cmhcsys.com">brianm@cmhcsys.com</a></TD>
<TR><TD>cg</TD> <TD>Coranth Gryphon <a href="mailto:gryphon@healer.com">gryphon@healer.com</a></TD>
<TR><TD>cl</TD> <TD>Chris Lambertus <a href="mailto:cmlambertus@ucdavis.edu">cmlambertus@ucdavis.edu</a></TD>
<TR><TD>crh</TD> <TD>Charles Henrich <a href="mailto:henrich@crh.cl.msu.edu">henrich@crh.cl.msu.edu</a></TD>
<TR><TD>dc</TD> <TD>Dan Cross <a href="mailto:tenser@spitfire.ecsel.psu.edu">tenser@spitfire.ecsel.psu.edu</a></TD>
<TR><TD>dg*</TD> <TD>David Greenman <a href="mailto:davidg@FreeBSD.org">davidg@FreeBSD.org</a></TD>
<TR><TD>din</TD> <TD>Dinesh Nair <a href="mailto:dinesh@alphaque.com">dinesh@alphaque.com</a></TD>
<TR><TD>dn</TD> <TD>David Nugent <a href="mailto:davidn@labs.usn.blaze.net.au">davidn@labs.usn.blaze.net.au</a></TD>
<TR><TD>dob*</TD> <TD>David E. O'Brien <a href="mailto:obrien@FreeBSD.org">obrien@FreeBSD.org</a></TD>
<TR><TD>dz</TD> <TD>Danny J. Zerkel <a href="mailto:dzerkel@phofarm.com">dzerkel@phofarm.com</a></TD>
<TR><TD>ee</TD> <TD>Eivind Eklund <a href="mailto:eivind@FreeBSD.org">eivind@FreeBSD.org</a></TD>
<TR><TD>eh</TD> <TD>Elijah Hempstone <a href="mailto:avatar@gandalf.bss.sol.net">avatar@gandalf.bss.sol.net</a></TD>
<TR><TD>eh</TD> <TD>Ernest Hua <a href="mailto:hua@chromatic.com">hua@chromatic.com</a></TD>
<TR><TD>ejc</TD> <TD>Eric J. Chet <a href="mailto:ejc@gargoyle.bazzle.com">ejc@gargoyle.bazzle.com</a></TD>
<TR><TD>gl</TD> <TD>Giles Lean <a href="mailto:giles@nemeton.com.au">giles@nemeton.com.au</a></TD>
<TR><TD>gvr*</TD> <TD>Guido van Rooij <a href="mailto:guido@FreeBSD.org">guido@FreeBSD.org</a></TD>
<TR><TD>gw</TD> <TD>Graham Wheeler <a href="mailto:gram@oms.co.za">gram@oms.co.za</a></TD>
<TR><TD>imp*</TD> <TD>Warner Losh <a href="mailto:imp@FreeBSD.org">imp@FreeBSD.org</a></TD>
<TR><TD>jb</TD> <TD>Jim Bresler <a href="mailto:jfb11@inlink.com">jfb11@inlink.com</a></TD>
<TR><TD>jha</TD> <TD>John H. Aughey <a href="mailto:jha@cs.purdue.edu">jha@cs.purdue.edu</a></TD>
<TR><TD>jk</TD> <TD>Jerry Kendall <a href="mailto:Jerry@kcis.com">Jerry@kcis.com</a></TD>
<TR><TD>jkh*</TD> <TD>Jordan K. Hubbard <a href="mailto:jkh@FreeBSD.org">jkh@FreeBSD.org</a></TD>
<TR><TD>jm</TD> <TD>Josef Moellers <a href="mailto:mollers.pad@sni.de">mollers.pad@sni.de</a></TD>
<TR><TD>jmb*</TD> <TD>Jonathan M. Bresler <a href="mailto:jmb@FreeBSD.org">jmb@FreeBSD.org</a></TD>
<TR><TD>joe*</TD> <TD>Joe Greco <a href="mailto:jgreco@solaria.sol.net">jgreco@solaria.sol.net</a></TD>
<TR><TD>ki</TD> <TD>Kenneth Ingham <a href="mailto:ingham@i-pi.com">ingham@i-pi.com</a></TD>
<TR><TD>ky*</TD> <TD>Kazutaka YOKOTA <a href="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">yokota@zodiac.mech.utsunomiya-u.ac.jp</a></TD>
<TR><TD>marc</TD> <TD>Marc Slemko <a href="mailto:marcs@znep.com">marcs@znep.com</a></TD>
<TR><TD>md</TD> <TD>Matt Dillon <a href="mailto:dillon@best.net">dillon@best.net</a></TD>
<TR><TD>mr</TD> <TD>Mike Romaniw <a href="mailto:msr@cuc.com">msr@cuc.com</a></TD>
<TR><TD>mrvm*</TD> <TD>Mark Murray <a href="mailto:mark@grondar.za">mark@grondar.za</a></TD>
<TR><TD>or*</TD> <TD>Ollivier Robert <a href="mailto:roberto@keltia.freenix.fr">roberto@keltia.freenix.fr</a></TD>
<TR><TD>pb</TD> <TD>Peter Blake <a href="mailto:ppb@baloo.tcp.co.uk">ppb@baloo.tcp.co.uk</a></TD>
<TR><TD>peter*</TD> <TD>Peter Wemm <a href="mailto:peter@FreeBSD.org">peter@FreeBSD.org</a>
<TR><TD>phk*</TD> <TD>Poul-Henning Kamp <a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a></TD>
<TR><TD>pst*</TD> <TD>Paul Traina <a href="mailto:pst@FreeBSD.org">pst@FreeBSD.org</a></TD>
<TR><TD>rb</TD> <TD>Reinier Bezuidenhout <a href="mailto:rbezuide@oskar.nanoteq.co.za">rbezuide@oskar.nanoteq.co.za</a></TD>
<TR><TD>rd</TD> <TD>Rajiv Dighe <a href="mailto:rajivd@sprynet.com">rajivd@sprynet.com</a></TD>
<TR><TD>rel</TD> <TD>Roger Espel Llima <a href="mailto:espel@llaic.univ-bpclermont.fr">espel@llaic.univ-bpclermont.fr</a></TD>
<TR><TD>rjk</TD> <TD>Richard J Kuhns <a href="mailto:rjk@grauel.com">rjk@grauel.com</a>
<TR><TD>rm</TD> <TD>Robin Melville <a href="mailto:robmel@nadt.org.uk">robmel@nadt.org.uk</a></TD>
<TR><TD>rs</TD> <TD>Robert Sexton <a href="mailto:robert@kudra.com">robert@kudra.com</a></TD>
<TR><TD>sc</TD> <TD>Sergei Chechetkin <a href="mailto:csl@whale.sunbay.crimea.ua">csl@whale.sunbay.crimea.ua</a></TD>
<TR><TD>tao</TD> <TD>Brian Tao <a href="mailto:taob@risc.org">taob@risc.org</a></TD>
<TR><TD>tdr</TD> <TD>Thomas David Rivers <a href="mailto:ponds!rivers@dg-rtp.dg.com">ponds!rivers@dg-rtp.dg.com</a></TD>
<TR><TD>witr</TD> <TD>Robert Withrow <a href="mailto:witr@rwwa.com">witr@rwwa.com</a></TD>
<TR><TD>xaa</TD> <TD>Mark Huizer <a href="mailto:xaa@stack.nl">xaa@stack.nl</a></TD>
<TABLE CELLPADDING="2"><TR><TH>Key</TH>
<TH>Auditor/Reviewer Name and Email address</TH></TR>
<TR><td>ab</TD>
<TD>Aaron Bornstein <A HREF="mailto:aaronb@j51.com">
aaronb@j51.com</A></TD></TR>
<TR><td>ac</TD>
<TD>Adrian Chadd <A HREF="mailto:adrian@psinet.net.au">
adrian@psinet.net.au</A></TD></TR>
<TR><td>ak</TD>
<TD>Adam Kubicki <A HREF="mailto:apk@itl.waw.pl">
apk@itl.waw.pl</A></TD></TR>
<TR><td>am</TD>
<TD>Albert Mietus <A HREF="mailto:albert@gamp.hacom.nl">
albert@gamp.hacom.nl</A></TD></TR>
<TR><td>avk</TD>
<TD>Alexander V. Kalganov <A HREF="mailto:top@sonic.cris.net">
top@sonic.cris.net</A></TD></TR>
<TR><td>bb</TD>
<TD>Bob Bishop <A HREF="mailto:rb@gid.co.uk">
rb@gid.co.uk</A></TD></TR>
<TR><td>bjn</TD>
<TD>Brent J. Nordquist <A HREF="mailto:nordquist@platinum.com">
nordquist@platinum.com</A></TD></TR>
<TR><td>bob</TD>
<TD>Bob Willcox <A HREF="mailto:bob@luke.pmr.com">
bob@luke.pmr.com</A></TD></TR>
<TR><td>btm</TD>
<TD>Brian T. Michely <A HREF="mailto:brianm@cmhcsys.com">
brianm@cmhcsys.com</A></TD></TR>
<TR><td>cg</TD>
<TD>Coranth Gryphon <A HREF="mailto:gryphon@healer.com">
gryphon@healer.com</A></TD></TR>
<TR><td>cl</TD>
<TD>Chris Lambertus <A HREF="mailto:cmlambertus@ucdavis.edu">
cmlambertus@ucdavis.edu</A></TD></TR>
<TR><td>crh</TD>
<TD>Charles Henrich <A HREF="mailto:henrich@crh.cl.msu.edu">
henrich@crh.cl.msu.edu</A></TD></TR>
<TR><td>dc</TD>
<TD>Dan Cross <A HREF="mailto:tenser@spitfire.ecsel.psu.edu">
tenser@spitfire.ecsel.psu.edu</A></TD></TR>
<TR><td>dg*</TD>
<TD>David Greenman <A HREF="mailto:davidg@FreeBSD.org">
davidg@FreeBSD.org</A></TD></TR>
<TR><td>din</TD>
<TD>Dinesh Nair <A HREF="mailto:dinesh@alphaque.com">
dinesh@alphaque.com</A></TD></TR>
<TR><td>dn</TD>
<TD>David Nugent <A HREF="mailto:davidn@labs.usn.blaze.net.au">
davidn@labs.usn.blaze.net.au</A></TD></TR>
<TR><td>dob</TD>
<TD>David E. O'Brien <A HREF="mailto:obrien@NUXI.com">
obrien@NUXI.com</A></TD></TR>
<TR><td>dz</TD>
<TD>Danny J. Zerkel <A HREF="mailto:dzerkel@phofarm.com">
dzerkel@phofarm.com</A></TD></TR>
<TR><td>ee</TD>
<TD>Eivind Eklund <A HREF="mailto:eivind@FreeBSD.org">
eivind@FreeBSD.org</A></TD></TR>
<TR><td>eh</TD>
<TD>Elijah Hempstone <A HREF="mailto:avatar@gandalf.bss.sol.net">
avatar@gandalf.bss.sol.net</A></TD></TR>
<TR><td>ehu</TD>
<TD>Ernest Hua <A HREF="mailto:hua@chromatic.com">
hua@chromatic.com</A></TD></TR>
<TR><td>ejc</TD>
<TD>Eric J. Chet <A HREF="mailto:ejc@gargoyle.bazzle.com">
ejc@gargoyle.bazzle.com</A></TD></TR>
<TR><td>gl</TD>
<TD>Giles Lean <A HREF="mailto:giles@nemeton.com.au">
giles@nemeton.com.au</A></TD></TR>
<TR><td>gvr*</TD>
<TD>Guido van Rooij <A HREF="mailto:guido@FreeBSD.org">
guido@FreeBSD.org</A></TD></TR>
<TR><td>gw</TD>
<TD>Graham Wheeler <A HREF="mailto:gram@oms.co.za">
gram@oms.co.za</A></TD></TR>
<TR><td>imp*</TD>
<TD>Warner Losh <A HREF="mailto:imp@FreeBSD.org">
imp@FreeBSD.org</A></TD></TR>
<TR><td>jb</TD>
<TD>Jim Bresler <A HREF="mailto:jfb11@inlink.com">
jfb11@inlink.com</A></TD></TR>
<TR><td>jh</TD>
<TD>Jake Hamby <A HREF="mailto:jehamby@lightside.com">
jehamby@lightside.com</A></TD></TR>
<TR><td>jha</TD>
<TD>John H. Aughey <A HREF="mailto:jha@cs.purdue.edu">
jha@cs.purdue.edu</A></TD></TR>
<TR><td>jk</TD>
<TD>Jerry Kendall <A HREF="mailto:Jerry@kcis.com">
Jerry@kcis.com</A></TD></TR>
<TR><td>jkh*</TD>
<TD>Jordan K. Hubbard <A HREF="mailto:jkh@FreeBSD.org">
jkh@FreeBSD.org</A></TD></TR>
<TR><td>jm</TD>
<TD>Josef Moellers <A HREF="mailto:mollers.pad@sni.de">
mollers.pad@sni.de</A></TD></TR>
<TR><td>jmb*</TD>
<TD>Jonathan M. Bresler <A HREF="mailto:jmb@FreeBSD.org">
jmb@FreeBSD.org</A></TD></TR>
<TR><td>joe*</TD>
<TD>Joe Greco <A HREF="mailto:jgreco@solaria.sol.net">
jgreco@solaria.sol.net</A></TD></TR>
<TR><td>ka</TD>
<TD>Kalganov Alexander <A HREF="mailto:top@bird.cris.net">
top@bird.cris.net</A></TD></TR>
<TR><td>ki</TD>
<TD>Kenneth Ingham <A HREF="mailto:ingham@i-pi.com">
ingham@i-pi.com</A></TD></TR>
<TR><td>ky*</TD>
<TD>Kazutaka YOKOTA <A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">
yokota@zodiac.mech.utsunomiya-u.ac.jp</A></TD></TR>
<TR><td>marc</TD>
<TD>Marc Slemko <A HREF="mailto:marcs@znep.com">
marcs@znep.com</A></TD></TR>
<TR><td>md</TD>
<TD>Matt Dillon <A HREF="mailto:dillon@best.net">
dillon@best.net</A></TD></TR>
<TR><td>mr</TD>
<TD>Mike Romaniw <A HREF="mailto:msr@cuc.com">
msr@cuc.com</A></TD></TR>
<TR><td>mrvm*</TD>
<TD>Mark Murray <A HREF="mailto:mark@grondar.za">
mark@grondar.za</A></TD></TR>
<TR><td>mu</TD>
<TD>Mudge <A HREF="mailto:mudge@l0pht.com">
mudge@l0pht.com</A></TD></TR>
<TR><td>or*</TD>
<TD>Ollivier Robert <A HREF="mailto:roberto@keltia.freenix.fr">
roberto@keltia.freenix.fr</A></TD></TR>
<TR><td>pb</TD>
<TD>Peter Blake <A HREF="mailto:ppb@baloo.tcp.co.uk">
ppb@baloo.tcp.co.uk</A></TD></TR>
<TR><td>peter*</TD>
<TD>Peter Wemm <A HREF="mailto:peter@FreeBSD.org">
peter@FreeBSD.org</A></TD></TR>
<TR><td>phk*</TD>
<TD>Poul-Henning Kamp <A HREF="mailto:phk@FreeBSD.org">
phk@FreeBSD.org</A></TD></TR>
<TR><td>pst*</TD>
<TD>Paul Traina <A HREF="mailto:pst@FreeBSD.org">
pst@FreeBSD.org</A></TD></TR>
<TR><td>rb</TD>
<TD>Reinier Bezuidenhout <A HREF="mailto:rbezuide@oskar.nanoteq.co.za">
rbezuide@oskar.nanoteq.co.za</A></TD></TR>
<TR><td>rd</TD>
<TD>Rajiv Dighe <A HREF="mailto:rajivd@sprynet.com">
rajivd@sprynet.com</A></TD></TR>
<TR><td>rel</TD>
<TD>Roger Espel Llima <A HREF="mailto:espel@llaic.univ-bpclermont.fr">
espel@llaic.univ-bpclermont.fr</A></TD></TR>
<TR><td>rjk</TD>
<TD>Richard J Kuhns <A HREF="mailto:rjk@grauel.com">
rjk@grauel.com</A></TD></TR>
<TR><td>rm</TD>
<TD>Robin Melville <A HREF="mailto:robmel@nadt.org.uk">
robmel@nadt.org.uk</A></TD></TR>
<TR><td>rs</TD>
<TD>Robert Sexton <A HREF="mailto:robert@kudra.com">
robert@kudra.com</A></TD></TR>
<TR><td>sc</TD>
<TD>Sergei Chechetkin <A HREF="mailto:csl@whale.sunbay.crimea.ua">
csl@whale.sunbay.crimea.ua</A></TD></TR>
<TR><td>tao</TD>
<TD>Brian Tao <A HREF="mailto:taob@risc.org">
taob@risc.org</A></TD></TR>
<TR><td>tdr</TD>
<TD>Thomas David Rivers <A HREF="mailto:ponds!rivers@dg-rtp.dg.com">
ponds!rivers@dg-rtp.dg.com</A></TD></TR>
<TR><td>vk</TD>
<TD>Vadim Kolontsov <A HREF="mailto:vadim@tversu.ac.ru">
vadim@tversu.ac.ru</A></TD></TR>
<TR><td>witr</TD>
<TD>Robert Withrow <A HREF="mailto:witr@rwwa.com">
witr@rwwa.com</A></TD></TR>
<TR><td>xaa</TD>
<TD>Mark Huizer <A HREF="mailto:xaa@stack.nl">
xaa@stack.nl</A></TD></TR>
</TABLE>
<h3>* = Has CVS commit privileges.</h3>
<H3>* = Has CVS commit privileges.</H3>
&footer;
</BODY>

View file

@ -1,5 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-02-15 13:28:51 $">
<!ENTITY date "$Date: 1997-02-19 13:49:11 $">
<!ENTITY title "FreeBSD Security Guide">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
@ -14,7 +14,7 @@
<H1>FreeBSD Security Guide</H1>
<em>Last Updated: $Date: 1997-02-15 13:28:51 $ </em>
<em>Last Updated: $Date: 1997-02-19 13:49:11 $ </em>
<P>This guide attempts to document some of the tips and tricks used by
many FreeBSD security experts for securing systems and writing secure
@ -24,16 +24,20 @@ if and when they should happen. It also lists the various ways in which
the systems programmer can become more security conscious and less likely
to introduce security holes in the first place.
<p>We welcome your comments on the contents and correctness of this page.
Please send email to <a href="mailto:security-officer@freebsd.org">the
FreeBSD Security Officers</a> if you have changes you'd like to see here.
<H2>How to secure a FreeBSD system:</H2>
<UL>
<LI>This section needs to be written.
<LI>XXX This section needs to be written.
</UL>
<H2>How to recover from a security compromise </H2>
<UL>
<LI>This section also needs to be written.
<LI>XXX This section also needs to be written.
</UL>
<H2>Security Do's and Don'ts for Programmers:</H2>
@ -50,8 +54,18 @@ to introduce security holes in the first place.
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
unbounded data. Use strncpy() and snprintf() when the length is known
(or implement some other form of bounds-checking when it's not).
In fact, never use gets(3) or sprintf(3), period.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis() and getenv() abuse.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis(3) and getenv(3) abuse.
strvis() is easy to get the destination string wrong for, and getenv()
can return strings much longer than the user might expect - they are
one of the key ways an attack is often made on a program, causing it
to overwrite stack or variables by setting its environment variables
to unexpected values. If your program reads environment variables,
be paranoid!
<P><LI>Every time you see an open(2) or stat(2) call, ask yourself, "What
if it's a symbolic link?"
<P><LI><A NAME="#rule1_3"></A>All uses of mktemp(), tempnam(), mkstemp(),
etc.; make sure that they use mkstemp() instead. Also look for races in
@ -61,6 +75,9 @@ to introduce security holes in the first place.
<LI>Creating a directory. This will either succeed or fail.
<LI>Opening a file O_CREAT | O_EXCL
</UL>
mkstemp(3) properly handles this for you, so all temp files should
use mkstemp to guarantee there's no race and that the permissions
are right.
<P><LI><A NAME="#rule1_4"></A>If an attacker can force packets to go/come
from another arbitrary system then that hacker has complete control
@ -144,6 +161,32 @@ to introduce security holes in the first place.
<P><LI><A NAME="#rule6"></A>Pay special attention to realloc() usage - more
often than not, it's not done correctly.
<P><LI>When using fixed-size buffers, use sizeof() to prevent lossage when
a buffer size is changed but the code which uses it isn't. For example:
<LISTING>
char buf[1024];
struct foo { ... };
...
BAD:
xxx(buf, 1024)
xxx(yyy, sizeof(struct foo))
GOOD:
xxx(buf, sizeof(buf))
xxx(yyy, sizeof(yyy))
</LISTING>
<P><LI>Every time you see "char foo[###]", check every usage of foo to
make sure it can't be overflowed. If you can't avoid overflow
(and cases of this have been seen) then at least malloc the buffer
so you can't walk on the stack.
<P><LI>Always close file descriptors as soon as you can -- this makes it
more likely that the stdio buffer contents will be discarded. In
library routines, always set any file descriptors that you open to
close-on-exec.
<P>
</UL>
&footer;

View file

@ -1,5 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-02-18 01:04:17 $">
<!ENTITY date "$Date: 1997-02-19 13:49:10 $">
<!ENTITY title "FreeBSD Auditing Project">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
@ -14,7 +14,7 @@
<H1>General Information</H1>
<em>Last Updated: $Date: 1997-02-18 01:04:17 $ </em>
<em>Last Updated: $Date: 1997-02-19 13:49:10 $ </em>
<H2>Overview</H2>
@ -84,9 +84,11 @@ into the <strong>2.1</strong> and <strong>2.2</strong> branches.
complex that I have turned it into a <a href="security.html">FreeBSD
Security Guide</a>. Please read this now if you haven't already.
Another excellent document is the <a
Other excellent documents are the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/secure_programming_checklist">
Secure Programming Checklist</a>, available from AUSCERT.
Secure Programming Checklist</a> and the <a
href="ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist">
Unix Security Checklist</a>, both available from AUSCERT.
<H2>Sign-Up sheet:</H2>
@ -109,24 +111,126 @@ auditors will be assuming that the other 10 items are handled!</P>
To sign up for something, please send mail to <a
href="mailto:jkh@FreeBSD.org"> jkh@FreeBSD.org</a>.
<P>
<TABLE border=2 cellpadding=3>
<TR><TH>Module</TH> <TH>Auditor(s)</TH> <TH>Reviewer(s)</TH> <TH>Status</TH>
<TR><TD>lib</TD> <TD>pst,ak</TD> <TD>jkh,dg,gvr,imp</TD> <TD>gvr</TD>
<TR><TD>libc</TD> <TD>ee</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>libdisk</TD> <TD>open</TD> <TD>phk,gvr</TD> <TD>Open</TD>
<TR><TD>libexec</TD> <TD>imp,crh,ee,witr</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>telnetd</TD> <TD>ac,dn</TD> <TD>imp,gvr</TD> <TD>Open</TD>
<TR><TD>bin</TD> <TD>ac,gvr,ee</TD> <TD>imp,md,gvr</TD> <TD>Open</TD>
<TR><TD>sbin</TD> <TD>taob,imp,ee,or</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>usr.sbin</TD> <TD>imp,rd,marc,ee,ejc,jm</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>usr.bin</TD> <TD>rb,rjk,rd,jha,ee,ky,bob,jm</TD> <TD>md,gvr</TD> <TD>Open</TD>
<TR><TD>eBones</TD> <TD>mrvm</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>secure</TD> <TD>mrvm,dc</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>games</TD> <TD>xaa,ab,ee</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>lkm</TD> <TD>dob</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>release</TD> <TD>open</TD> <TD>gvr</TD> <TD>Open</TD>
<TR><TD>contrib</TD> <TD>cg</TD> <TD>gvr</TD> <TD>Open</TD>
<P></P><TABLE BORDER="2" CELLPADDING="3">
<TR><TH>Module</TH><TH>Auditor(s)</TH><TH>Reviewer(s)</TH>
<TH>Status</TH></TR>
<TR><TD><A HREF="mailto:audit-bin@FreeBSD.ORG">bin</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:guido@FreeBSD.org">gvr*</A>
<A HREF="mailto:jehamby@lightside.com">jh</A>
<A HREF="mailto:top@bird.cris.net">ka</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-contrib@FreeBSD.ORG">contrib</A></TD>
<TD>
<A HREF="mailto:gryphon@healer.com">cg</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-eBones@FreeBSD.ORG">eBones</A></TD>
<TD>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-games@FreeBSD.ORG">games</A></TD>
<TD>
<A HREF="mailto:aaronb@j51.com">ab</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:xaa@stack.nl">xaa</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-init@FreeBSD.ORG">init</A></TD>
<TD>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lib@FreeBSD.ORG">lib</A></TD>
<TD>
<A HREF="mailto:apk@itl.waw.pl">ak</A>
<A HREF="mailto:nordquist@platinum.com">bjn</A>
<A HREF="mailto:pst@FreeBSD.org">pst*</A>
</TD>
<TD><A HREF="mailto:davidg@FreeBSD.org">dg*</A> <A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto:jkh@FreeBSD.org">jkh*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libc@FreeBSD.ORG">libc</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:mudge@l0pht.com">mu</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-libexec@FreeBSD.ORG">libexec</A></TD>
<TD>
<A HREF="mailto:henrich@crh.cl.msu.edu">crh</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:witr@rwwa.com">witr</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-lkm@FreeBSD.ORG">lkm</A></TD>
<TD>
<A HREF="mailto:obrien@NUXI.com">dob</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-sbin@FreeBSD.ORG">sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:roberto@keltia.freenix.fr">or*</A>
<A HREF="mailto:taob@risc.org">tao</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-secure@FreeBSD.ORG">secure</A></TD>
<TD>
<A HREF="mailto:tenser@spitfire.ecsel.psu.edu">dc</A>
<A HREF="mailto:mark@grondar.za">mrvm*</A>
</TD>
<TD><A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-telnetd@FreeBSD.ORG">telnetd</A></TD>
<TD>
<A HREF="mailto:adrian@psinet.net.au">ac</A>
<A HREF="mailto:davidn@labs.usn.blaze.net.au">dn</A>
</TD>
<TD><A HREF="mailto:imp@FreeBSD.org">imp*</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.bin@FreeBSD.ORG">usr.bin</A></TD>
<TD>
<A HREF="mailto:bob@luke.pmr.com">bob</A>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:jha@cs.purdue.edu">jha</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">ky*</A>
<A HREF="mailto:rbezuide@oskar.nanoteq.co.za">rb</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
<A HREF="mailto:rjk@grauel.com">rjk</A>
<A HREF="mailto:vadim@tversu.ac.ru">vk</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
<TR><TD><A HREF="mailto:audit-usr.sbin@FreeBSD.ORG">usr.sbin</A></TD>
<TD>
<A HREF="mailto:eivind@FreeBSD.org">ee</A>
<A HREF="mailto:ejc@gargoyle.bazzle.com">ejc</A>
<A HREF="mailto:giles@nemeton.com.au">gl</A>
<A HREF="mailto:imp@FreeBSD.org">imp*</A>
<A HREF="mailto:mollers.pad@sni.de">jm</A>
<A HREF="mailto:marcs@znep.com">marc</A>
<A HREF="mailto:rajivd@sprynet.com">rd</A>
</TD>
<TD><A HREF="mailto:dillon@best.net">md</A> <A HREF="mailto: guido@FreeBSD.org">gvr*</A> </TD>
<TD>Open</TD>
</TABLE>
<H2>Auditor/Reviewer keys</H2>
@ -141,65 +245,187 @@ reach just the auditors & reviewers for a specific category, say
<a href="mailto:audit-usr.sbin@FreeBSD.org">
audit-<strong>usr.sbin</strong>@FreeBSD.org</a>.</P>
<TABLE cellpadding=2>
<TR><TH>Key</TH> <TH>Auditor/Reviewer Name and Email address</TH>
<TR><TD>ab</TD> <TD>Aaron Bornstein <a href="mailto:aaronb@j51.com">aaronb@j51.com</a></TD>
<TR><TD>ac</TD> <TD>Adrian Chadd <a href="mailto:adrian@psinet.net.au">adrian@psinet.net.au</a></TD>
<TR><TD>ak</TD> <TD>Adam Kubicki <a href="mailto:apk@itl.waw.pl">apk@itl.waw.pl</a></TD>
<TR><TD>am</TD> <TD>Albert Mietus <a href="mailto:albert@gamp.hacom.nl">albert@gamp.hacom.nl</a></TD>
<TR><TD>avk</TD> <TD>Alexander V. Kalganov <a href="mailto:top@sonic.cris.net">top@sonic.cris.net</a></TD>
<TR><TD>bb</TD> <TD>Bob Bishop <a href="mailto:rb@gid.co.uk">rb@gid.co.uk</a></TD>
<TR><TD>bob</TD> <TD>Bob Willcox <a href="mailto:bob@luke.pmr.com">bob@luke.pmr.com</a></TD>
<TR><TD>btm</TD> <TD>Brian T. Michely <a href="mailto:brianm@cmhcsys.com">brianm@cmhcsys.com</a></TD>
<TR><TD>cg</TD> <TD>Coranth Gryphon <a href="mailto:gryphon@healer.com">gryphon@healer.com</a></TD>
<TR><TD>cl</TD> <TD>Chris Lambertus <a href="mailto:cmlambertus@ucdavis.edu">cmlambertus@ucdavis.edu</a></TD>
<TR><TD>crh</TD> <TD>Charles Henrich <a href="mailto:henrich@crh.cl.msu.edu">henrich@crh.cl.msu.edu</a></TD>
<TR><TD>dc</TD> <TD>Dan Cross <a href="mailto:tenser@spitfire.ecsel.psu.edu">tenser@spitfire.ecsel.psu.edu</a></TD>
<TR><TD>dg*</TD> <TD>David Greenman <a href="mailto:davidg@FreeBSD.org">davidg@FreeBSD.org</a></TD>
<TR><TD>din</TD> <TD>Dinesh Nair <a href="mailto:dinesh@alphaque.com">dinesh@alphaque.com</a></TD>
<TR><TD>dn</TD> <TD>David Nugent <a href="mailto:davidn@labs.usn.blaze.net.au">davidn@labs.usn.blaze.net.au</a></TD>
<TR><TD>dob*</TD> <TD>David E. O'Brien <a href="mailto:obrien@FreeBSD.org">obrien@FreeBSD.org</a></TD>
<TR><TD>dz</TD> <TD>Danny J. Zerkel <a href="mailto:dzerkel@phofarm.com">dzerkel@phofarm.com</a></TD>
<TR><TD>ee</TD> <TD>Eivind Eklund <a href="mailto:eivind@FreeBSD.org">eivind@FreeBSD.org</a></TD>
<TR><TD>eh</TD> <TD>Elijah Hempstone <a href="mailto:avatar@gandalf.bss.sol.net">avatar@gandalf.bss.sol.net</a></TD>
<TR><TD>eh</TD> <TD>Ernest Hua <a href="mailto:hua@chromatic.com">hua@chromatic.com</a></TD>
<TR><TD>ejc</TD> <TD>Eric J. Chet <a href="mailto:ejc@gargoyle.bazzle.com">ejc@gargoyle.bazzle.com</a></TD>
<TR><TD>gl</TD> <TD>Giles Lean <a href="mailto:giles@nemeton.com.au">giles@nemeton.com.au</a></TD>
<TR><TD>gvr*</TD> <TD>Guido van Rooij <a href="mailto:guido@FreeBSD.org">guido@FreeBSD.org</a></TD>
<TR><TD>gw</TD> <TD>Graham Wheeler <a href="mailto:gram@oms.co.za">gram@oms.co.za</a></TD>
<TR><TD>imp*</TD> <TD>Warner Losh <a href="mailto:imp@FreeBSD.org">imp@FreeBSD.org</a></TD>
<TR><TD>jb</TD> <TD>Jim Bresler <a href="mailto:jfb11@inlink.com">jfb11@inlink.com</a></TD>
<TR><TD>jha</TD> <TD>John H. Aughey <a href="mailto:jha@cs.purdue.edu">jha@cs.purdue.edu</a></TD>
<TR><TD>jk</TD> <TD>Jerry Kendall <a href="mailto:Jerry@kcis.com">Jerry@kcis.com</a></TD>
<TR><TD>jkh*</TD> <TD>Jordan K. Hubbard <a href="mailto:jkh@FreeBSD.org">jkh@FreeBSD.org</a></TD>
<TR><TD>jm</TD> <TD>Josef Moellers <a href="mailto:mollers.pad@sni.de">mollers.pad@sni.de</a></TD>
<TR><TD>jmb*</TD> <TD>Jonathan M. Bresler <a href="mailto:jmb@FreeBSD.org">jmb@FreeBSD.org</a></TD>
<TR><TD>joe*</TD> <TD>Joe Greco <a href="mailto:jgreco@solaria.sol.net">jgreco@solaria.sol.net</a></TD>
<TR><TD>ki</TD> <TD>Kenneth Ingham <a href="mailto:ingham@i-pi.com">ingham@i-pi.com</a></TD>
<TR><TD>ky*</TD> <TD>Kazutaka YOKOTA <a href="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">yokota@zodiac.mech.utsunomiya-u.ac.jp</a></TD>
<TR><TD>marc</TD> <TD>Marc Slemko <a href="mailto:marcs@znep.com">marcs@znep.com</a></TD>
<TR><TD>md</TD> <TD>Matt Dillon <a href="mailto:dillon@best.net">dillon@best.net</a></TD>
<TR><TD>mr</TD> <TD>Mike Romaniw <a href="mailto:msr@cuc.com">msr@cuc.com</a></TD>
<TR><TD>mrvm*</TD> <TD>Mark Murray <a href="mailto:mark@grondar.za">mark@grondar.za</a></TD>
<TR><TD>or*</TD> <TD>Ollivier Robert <a href="mailto:roberto@keltia.freenix.fr">roberto@keltia.freenix.fr</a></TD>
<TR><TD>pb</TD> <TD>Peter Blake <a href="mailto:ppb@baloo.tcp.co.uk">ppb@baloo.tcp.co.uk</a></TD>
<TR><TD>peter*</TD> <TD>Peter Wemm <a href="mailto:peter@FreeBSD.org">peter@FreeBSD.org</a>
<TR><TD>phk*</TD> <TD>Poul-Henning Kamp <a href="mailto:phk@FreeBSD.org">phk@FreeBSD.org</a></TD>
<TR><TD>pst*</TD> <TD>Paul Traina <a href="mailto:pst@FreeBSD.org">pst@FreeBSD.org</a></TD>
<TR><TD>rb</TD> <TD>Reinier Bezuidenhout <a href="mailto:rbezuide@oskar.nanoteq.co.za">rbezuide@oskar.nanoteq.co.za</a></TD>
<TR><TD>rd</TD> <TD>Rajiv Dighe <a href="mailto:rajivd@sprynet.com">rajivd@sprynet.com</a></TD>
<TR><TD>rel</TD> <TD>Roger Espel Llima <a href="mailto:espel@llaic.univ-bpclermont.fr">espel@llaic.univ-bpclermont.fr</a></TD>
<TR><TD>rjk</TD> <TD>Richard J Kuhns <a href="mailto:rjk@grauel.com">rjk@grauel.com</a>
<TR><TD>rm</TD> <TD>Robin Melville <a href="mailto:robmel@nadt.org.uk">robmel@nadt.org.uk</a></TD>
<TR><TD>rs</TD> <TD>Robert Sexton <a href="mailto:robert@kudra.com">robert@kudra.com</a></TD>
<TR><TD>sc</TD> <TD>Sergei Chechetkin <a href="mailto:csl@whale.sunbay.crimea.ua">csl@whale.sunbay.crimea.ua</a></TD>
<TR><TD>tao</TD> <TD>Brian Tao <a href="mailto:taob@risc.org">taob@risc.org</a></TD>
<TR><TD>tdr</TD> <TD>Thomas David Rivers <a href="mailto:ponds!rivers@dg-rtp.dg.com">ponds!rivers@dg-rtp.dg.com</a></TD>
<TR><TD>witr</TD> <TD>Robert Withrow <a href="mailto:witr@rwwa.com">witr@rwwa.com</a></TD>
<TR><TD>xaa</TD> <TD>Mark Huizer <a href="mailto:xaa@stack.nl">xaa@stack.nl</a></TD>
<TABLE CELLPADDING="2"><TR><TH>Key</TH>
<TH>Auditor/Reviewer Name and Email address</TH></TR>
<TR><td>ab</TD>
<TD>Aaron Bornstein <A HREF="mailto:aaronb@j51.com">
aaronb@j51.com</A></TD></TR>
<TR><td>ac</TD>
<TD>Adrian Chadd <A HREF="mailto:adrian@psinet.net.au">
adrian@psinet.net.au</A></TD></TR>
<TR><td>ak</TD>
<TD>Adam Kubicki <A HREF="mailto:apk@itl.waw.pl">
apk@itl.waw.pl</A></TD></TR>
<TR><td>am</TD>
<TD>Albert Mietus <A HREF="mailto:albert@gamp.hacom.nl">
albert@gamp.hacom.nl</A></TD></TR>
<TR><td>avk</TD>
<TD>Alexander V. Kalganov <A HREF="mailto:top@sonic.cris.net">
top@sonic.cris.net</A></TD></TR>
<TR><td>bb</TD>
<TD>Bob Bishop <A HREF="mailto:rb@gid.co.uk">
rb@gid.co.uk</A></TD></TR>
<TR><td>bjn</TD>
<TD>Brent J. Nordquist <A HREF="mailto:nordquist@platinum.com">
nordquist@platinum.com</A></TD></TR>
<TR><td>bob</TD>
<TD>Bob Willcox <A HREF="mailto:bob@luke.pmr.com">
bob@luke.pmr.com</A></TD></TR>
<TR><td>btm</TD>
<TD>Brian T. Michely <A HREF="mailto:brianm@cmhcsys.com">
brianm@cmhcsys.com</A></TD></TR>
<TR><td>cg</TD>
<TD>Coranth Gryphon <A HREF="mailto:gryphon@healer.com">
gryphon@healer.com</A></TD></TR>
<TR><td>cl</TD>
<TD>Chris Lambertus <A HREF="mailto:cmlambertus@ucdavis.edu">
cmlambertus@ucdavis.edu</A></TD></TR>
<TR><td>crh</TD>
<TD>Charles Henrich <A HREF="mailto:henrich@crh.cl.msu.edu">
henrich@crh.cl.msu.edu</A></TD></TR>
<TR><td>dc</TD>
<TD>Dan Cross <A HREF="mailto:tenser@spitfire.ecsel.psu.edu">
tenser@spitfire.ecsel.psu.edu</A></TD></TR>
<TR><td>dg*</TD>
<TD>David Greenman <A HREF="mailto:davidg@FreeBSD.org">
davidg@FreeBSD.org</A></TD></TR>
<TR><td>din</TD>
<TD>Dinesh Nair <A HREF="mailto:dinesh@alphaque.com">
dinesh@alphaque.com</A></TD></TR>
<TR><td>dn</TD>
<TD>David Nugent <A HREF="mailto:davidn@labs.usn.blaze.net.au">
davidn@labs.usn.blaze.net.au</A></TD></TR>
<TR><td>dob</TD>
<TD>David E. O'Brien <A HREF="mailto:obrien@NUXI.com">
obrien@NUXI.com</A></TD></TR>
<TR><td>dz</TD>
<TD>Danny J. Zerkel <A HREF="mailto:dzerkel@phofarm.com">
dzerkel@phofarm.com</A></TD></TR>
<TR><td>ee</TD>
<TD>Eivind Eklund <A HREF="mailto:eivind@FreeBSD.org">
eivind@FreeBSD.org</A></TD></TR>
<TR><td>eh</TD>
<TD>Elijah Hempstone <A HREF="mailto:avatar@gandalf.bss.sol.net">
avatar@gandalf.bss.sol.net</A></TD></TR>
<TR><td>ehu</TD>
<TD>Ernest Hua <A HREF="mailto:hua@chromatic.com">
hua@chromatic.com</A></TD></TR>
<TR><td>ejc</TD>
<TD>Eric J. Chet <A HREF="mailto:ejc@gargoyle.bazzle.com">
ejc@gargoyle.bazzle.com</A></TD></TR>
<TR><td>gl</TD>
<TD>Giles Lean <A HREF="mailto:giles@nemeton.com.au">
giles@nemeton.com.au</A></TD></TR>
<TR><td>gvr*</TD>
<TD>Guido van Rooij <A HREF="mailto:guido@FreeBSD.org">
guido@FreeBSD.org</A></TD></TR>
<TR><td>gw</TD>
<TD>Graham Wheeler <A HREF="mailto:gram@oms.co.za">
gram@oms.co.za</A></TD></TR>
<TR><td>imp*</TD>
<TD>Warner Losh <A HREF="mailto:imp@FreeBSD.org">
imp@FreeBSD.org</A></TD></TR>
<TR><td>jb</TD>
<TD>Jim Bresler <A HREF="mailto:jfb11@inlink.com">
jfb11@inlink.com</A></TD></TR>
<TR><td>jh</TD>
<TD>Jake Hamby <A HREF="mailto:jehamby@lightside.com">
jehamby@lightside.com</A></TD></TR>
<TR><td>jha</TD>
<TD>John H. Aughey <A HREF="mailto:jha@cs.purdue.edu">
jha@cs.purdue.edu</A></TD></TR>
<TR><td>jk</TD>
<TD>Jerry Kendall <A HREF="mailto:Jerry@kcis.com">
Jerry@kcis.com</A></TD></TR>
<TR><td>jkh*</TD>
<TD>Jordan K. Hubbard <A HREF="mailto:jkh@FreeBSD.org">
jkh@FreeBSD.org</A></TD></TR>
<TR><td>jm</TD>
<TD>Josef Moellers <A HREF="mailto:mollers.pad@sni.de">
mollers.pad@sni.de</A></TD></TR>
<TR><td>jmb*</TD>
<TD>Jonathan M. Bresler <A HREF="mailto:jmb@FreeBSD.org">
jmb@FreeBSD.org</A></TD></TR>
<TR><td>joe*</TD>
<TD>Joe Greco <A HREF="mailto:jgreco@solaria.sol.net">
jgreco@solaria.sol.net</A></TD></TR>
<TR><td>ka</TD>
<TD>Kalganov Alexander <A HREF="mailto:top@bird.cris.net">
top@bird.cris.net</A></TD></TR>
<TR><td>ki</TD>
<TD>Kenneth Ingham <A HREF="mailto:ingham@i-pi.com">
ingham@i-pi.com</A></TD></TR>
<TR><td>ky*</TD>
<TD>Kazutaka YOKOTA <A HREF="mailto:yokota@zodiac.mech.utsunomiya-u.ac.jp">
yokota@zodiac.mech.utsunomiya-u.ac.jp</A></TD></TR>
<TR><td>marc</TD>
<TD>Marc Slemko <A HREF="mailto:marcs@znep.com">
marcs@znep.com</A></TD></TR>
<TR><td>md</TD>
<TD>Matt Dillon <A HREF="mailto:dillon@best.net">
dillon@best.net</A></TD></TR>
<TR><td>mr</TD>
<TD>Mike Romaniw <A HREF="mailto:msr@cuc.com">
msr@cuc.com</A></TD></TR>
<TR><td>mrvm*</TD>
<TD>Mark Murray <A HREF="mailto:mark@grondar.za">
mark@grondar.za</A></TD></TR>
<TR><td>mu</TD>
<TD>Mudge <A HREF="mailto:mudge@l0pht.com">
mudge@l0pht.com</A></TD></TR>
<TR><td>or*</TD>
<TD>Ollivier Robert <A HREF="mailto:roberto@keltia.freenix.fr">
roberto@keltia.freenix.fr</A></TD></TR>
<TR><td>pb</TD>
<TD>Peter Blake <A HREF="mailto:ppb@baloo.tcp.co.uk">
ppb@baloo.tcp.co.uk</A></TD></TR>
<TR><td>peter*</TD>
<TD>Peter Wemm <A HREF="mailto:peter@FreeBSD.org">
peter@FreeBSD.org</A></TD></TR>
<TR><td>phk*</TD>
<TD>Poul-Henning Kamp <A HREF="mailto:phk@FreeBSD.org">
phk@FreeBSD.org</A></TD></TR>
<TR><td>pst*</TD>
<TD>Paul Traina <A HREF="mailto:pst@FreeBSD.org">
pst@FreeBSD.org</A></TD></TR>
<TR><td>rb</TD>
<TD>Reinier Bezuidenhout <A HREF="mailto:rbezuide@oskar.nanoteq.co.za">
rbezuide@oskar.nanoteq.co.za</A></TD></TR>
<TR><td>rd</TD>
<TD>Rajiv Dighe <A HREF="mailto:rajivd@sprynet.com">
rajivd@sprynet.com</A></TD></TR>
<TR><td>rel</TD>
<TD>Roger Espel Llima <A HREF="mailto:espel@llaic.univ-bpclermont.fr">
espel@llaic.univ-bpclermont.fr</A></TD></TR>
<TR><td>rjk</TD>
<TD>Richard J Kuhns <A HREF="mailto:rjk@grauel.com">
rjk@grauel.com</A></TD></TR>
<TR><td>rm</TD>
<TD>Robin Melville <A HREF="mailto:robmel@nadt.org.uk">
robmel@nadt.org.uk</A></TD></TR>
<TR><td>rs</TD>
<TD>Robert Sexton <A HREF="mailto:robert@kudra.com">
robert@kudra.com</A></TD></TR>
<TR><td>sc</TD>
<TD>Sergei Chechetkin <A HREF="mailto:csl@whale.sunbay.crimea.ua">
csl@whale.sunbay.crimea.ua</A></TD></TR>
<TR><td>tao</TD>
<TD>Brian Tao <A HREF="mailto:taob@risc.org">
taob@risc.org</A></TD></TR>
<TR><td>tdr</TD>
<TD>Thomas David Rivers <A HREF="mailto:ponds!rivers@dg-rtp.dg.com">
ponds!rivers@dg-rtp.dg.com</A></TD></TR>
<TR><td>vk</TD>
<TD>Vadim Kolontsov <A HREF="mailto:vadim@tversu.ac.ru">
vadim@tversu.ac.ru</A></TD></TR>
<TR><td>witr</TD>
<TD>Robert Withrow <A HREF="mailto:witr@rwwa.com">
witr@rwwa.com</A></TD></TR>
<TR><td>xaa</TD>
<TD>Mark Huizer <A HREF="mailto:xaa@stack.nl">
xaa@stack.nl</A></TD></TR>
</TABLE>
<h3>* = Has CVS commit privileges.</h3>
<H3>* = Has CVS commit privileges.</H3>
&footer;
</BODY>

View file

@ -1,5 +1,5 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-02-15 13:28:51 $">
<!ENTITY date "$Date: 1997-02-19 13:49:11 $">
<!ENTITY title "FreeBSD Security Guide">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
@ -14,7 +14,7 @@
<H1>FreeBSD Security Guide</H1>
<em>Last Updated: $Date: 1997-02-15 13:28:51 $ </em>
<em>Last Updated: $Date: 1997-02-19 13:49:11 $ </em>
<P>This guide attempts to document some of the tips and tricks used by
many FreeBSD security experts for securing systems and writing secure
@ -24,16 +24,20 @@ if and when they should happen. It also lists the various ways in which
the systems programmer can become more security conscious and less likely
to introduce security holes in the first place.
<p>We welcome your comments on the contents and correctness of this page.
Please send email to <a href="mailto:security-officer@freebsd.org">the
FreeBSD Security Officers</a> if you have changes you'd like to see here.
<H2>How to secure a FreeBSD system:</H2>
<UL>
<LI>This section needs to be written.
<LI>XXX This section needs to be written.
</UL>
<H2>How to recover from a security compromise </H2>
<UL>
<LI>This section also needs to be written.
<LI>XXX This section also needs to be written.
</UL>
<H2>Security Do's and Don'ts for Programmers:</H2>
@ -50,8 +54,18 @@ to introduce security holes in the first place.
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
unbounded data. Use strncpy() and snprintf() when the length is known
(or implement some other form of bounds-checking when it's not).
In fact, never use gets(3) or sprintf(3), period.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis() and getenv() abuse.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis(3) and getenv(3) abuse.
strvis() is easy to get the destination string wrong for, and getenv()
can return strings much longer than the user might expect - they are
one of the key ways an attack is often made on a program, causing it
to overwrite stack or variables by setting its environment variables
to unexpected values. If your program reads environment variables,
be paranoid!
<P><LI>Every time you see an open(2) or stat(2) call, ask yourself, "What
if it's a symbolic link?"
<P><LI><A NAME="#rule1_3"></A>All uses of mktemp(), tempnam(), mkstemp(),
etc.; make sure that they use mkstemp() instead. Also look for races in
@ -61,6 +75,9 @@ to introduce security holes in the first place.
<LI>Creating a directory. This will either succeed or fail.
<LI>Opening a file O_CREAT | O_EXCL
</UL>
mkstemp(3) properly handles this for you, so all temp files should
use mkstemp to guarantee there's no race and that the permissions
are right.
<P><LI><A NAME="#rule1_4"></A>If an attacker can force packets to go/come
from another arbitrary system then that hacker has complete control
@ -144,6 +161,32 @@ to introduce security holes in the first place.
<P><LI><A NAME="#rule6"></A>Pay special attention to realloc() usage - more
often than not, it's not done correctly.
<P><LI>When using fixed-size buffers, use sizeof() to prevent lossage when
a buffer size is changed but the code which uses it isn't. For example:
<LISTING>
char buf[1024];
struct foo { ... };
...
BAD:
xxx(buf, 1024)
xxx(yyy, sizeof(struct foo))
GOOD:
xxx(buf, sizeof(buf))
xxx(yyy, sizeof(yyy))
</LISTING>
<P><LI>Every time you see "char foo[###]", check every usage of foo to
make sure it can't be overflowed. If you can't avoid overflow
(and cases of this have been seen) then at least malloc the buffer
so you can't walk on the stack.
<P><LI>Always close file descriptors as soon as you can -- this makes it
more likely that the stdio buffer contents will be discarded. In
library routines, always set any file descriptors that you open to
close-on-exec.
<P>
</UL>
&footer;