On 9/14/13 10:40 AM, Julian Elischer wrote:
On 9/14/13 5:03 AM, John Baldwin wrote:
On Friday, September 13, 2013 2:23:19 pm Jonathon Wright wrote:
Well stated Gary.

I need to divulge more information it appears. The reason I'm unable to effectively fight the semantic game, and not pay the auditors, etc. etc. is because the auditors are the DoD. We work for a private company that's contracted out to provide services to the DoD. But we still have to pass their inspections. As you all know, the DoD does not exactly see things in anything but black and white.

So yes, my management is freaked out because the DoD auditors (paid for by the DoD btw) are finding issues that we have to resolve to keep the contract going. That's why my hands are tied. I'll give them credit though, they are allowing me to demonstrate FreeBSD's capability in this manner by providing documentation since FreeBSD does not have the cert. That's the first non-black and white auditor check I've seen in years.

We have lots of time and effort invested in our architecture which is based on FreeBSD and that's why we're fighting to keep it, hence the start of this post.

Thanks again for all the insights, I'll keep ya up to date. We have another month or so to work this, so we're still formulating an initial response.

I think the sensible thing they are looking for is that new pages don't leak data between processes, not anything to do with malloc zeroing, etc. FreeBSD definitely does do this. However, the "right" answer is probably that you will have to pay to have the version of FreeBSD you are currently using audited.

This will probably be a lot cheaper than changing to Linux at this point.

It is possible you could ask the FreeBSD Foundation if they would put up some of the cash as a project.. it may be generally useful.



_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"


