Great translation Brett, the whole team is rolling! Unfortunately, its probably true. Yeah, I went to the site, interesting, but I'm not sure how shady they are or not. In either case, my problem still remains. I'm looking into what John-Mark Gurney posted to me, it looks a bit promising as far as being able to "demonstrate" the zeroing of the memory allocated prior to use.
For example, when I did a man malloc, the Z option states exactly that: The problem though is it also states that "this is intended for debugging and will impact performance negatively". That means I'm in between a rock and hard spot: 1. If I turn it on, I'll have horrible performance. (I suppose I need a /etc/malloc.conf example if I did if you have one) 2. if I don't turn it on, I am not able to address their so called 'issue'. On Thu, Sep 12, 2013 at 9:53 AM, Brett Glass <br...@lariat.org> wrote: > At 01:33 PM 9/12/2013, Jonathon Wright wrote: > > *Description of Finding:* Object reuse cannot be verified. The FreeBSD >> >> servers used have not been evaluated or certified by NIAP. As such, it >> cannot be verified that the operating system ensures transient memory >> cleansing (object reuse) features are in place. >> > > Translation: The FreeBSD Project doesn't participate in, and hasn't paid > money to be certified by, a program run by the NSA... a shadowy government > agency which has been known to actively compromise security and spy on > citizens. We recommend that our clients move to a less secure OS so that > their > systems can be spied upon and their security compromised. > > --Brett Glass > > P.S. -- For more on NIAP, see www.niap-ccevs.org. Note that this site will > deposit multiple tracking cookies in your browser which you may want to > delete after visiting it. > > _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
