diff --git a/en/security/advisories.xml b/en/security/advisories.xml index 4b0d6cbc3e..4715335dd9 100644 --- a/en/security/advisories.xml +++ b/en/security/advisories.xml @@ -1,458 +1,458 @@ - + %includes; ]> - + &header;

Introduction

This web page is designed to assist both new and experienced users in the area of security for the FreeBSD Operating System. The FreeBSD Development team takes security very seriously and is constantly working on making the OS as secure as possible.

Here you will find additional information, or links to information, on how to protect your system against various types of outside attack, whom to contact if you find a security related bug, etc. There is also a section on the various ways that the systems programmer can become more security conscious so he or she is less likely to introduce security holes in the first place.

Table of Contents

The FreeBSD Security Officer

To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: The FreeBSD security officer. The position is actually staffed by a team of dedicated security officers, their main tasks being to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

If you need to contact someone from the FreeBSD team about a possible security bug, you should therefore please send mail to the Security Officer with a description of what you've found and the type of vulnerability it represents. The Security Officers also communicate with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used by FreeBSD. The Security Officers are also active members of those organizations.

If you do need to contact the Security Officer about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

FreeBSD Security Advisories

The FreeBSD Security Officers provide security advisories for the following releases of FreeBSD:

At this time, security advisories are available for:

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

Like all development efforts, security fixes are first brought into the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory then sent out.

Advisories are sent to the following FreeBSD mailing lists:

Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available:

FreeBSD Security Mailing Lists Information

If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

 freebsd-security                General security related discussion
 freebsd-security-notifications  Security notifications (moderated mailing list)
 
Send mail to majordomo@FreeBSD.ORG with
      subscribe <listname>  [<optional address>]
 
in the body of the message in order to subscribe yourself. For example:
 % echo "subscribe freebsd-security" | mail majordomo@freebsd.org
 
and if you would like to unsubscribe from a mailing list:
 % echo "unsubscribe freebsd-security" | mail majordomo@freebsd.org
 

Secure Programing Guidelines

  • Look out for programs doing complex things in with signal handlers. Many routines in the various libraries are not sufficiently reentrant to make this safe.

  • Pay special attention to realloc() usage - more often then not the function is not used correctly.

  • When using a fixed size buffers, use sizeof() to prevent lossage when a buffer size is changed but the code which uses it isn't. For example: char buf[1024]; struct foo { ... }; ... BAD: xxx(buf, 1024) xxx(yyy, sizeof(struct foo)) GOOD: xxx(buf, sizeof(buf)) xxx(yyy, sizeof(yyy)) Be careful though with sizeof of pointers when you really want the size of where it points to!

  • Every time you see "char foo[###]", check every usage of foo to make sure that it can't be overflowed. If you can't avoid overflow (and cases of this have been seen), then at least malloc the buffer so that one can't walk on the stack.

  • Always close file descriptors as soon as you can - this makes it more likely that the stdio buffer contents will be discarded. In library routines, always set any file descriptors that you open to close-on-exec.

  • FreeBSD Security Tips and Tricks

    There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

    There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.freebsd.org/~jkb/howto.html.

    Security is an ongoing process. Make sure you are following the latest developments in the security arena.

    What to do when you detect a security compromise

    Other Related Security Information

    &footer diff --git a/en/security/security.sgml b/en/security/security.sgml index 4b0d6cbc3e..4715335dd9 100644 --- a/en/security/security.sgml +++ b/en/security/security.sgml @@ -1,458 +1,458 @@ - + %includes; ]> - + &header;

    Introduction

    This web page is designed to assist both new and experienced users in the area of security for the FreeBSD Operating System. The FreeBSD Development team takes security very seriously and is constantly working on making the OS as secure as possible.

    Here you will find additional information, or links to information, on how to protect your system against various types of outside attack, whom to contact if you find a security related bug, etc. There is also a section on the various ways that the systems programmer can become more security conscious so he or she is less likely to introduce security holes in the first place.

    Table of Contents

    The FreeBSD Security Officer

    To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: The FreeBSD security officer. The position is actually staffed by a team of dedicated security officers, their main tasks being to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

    If you need to contact someone from the FreeBSD team about a possible security bug, you should therefore please send mail to the Security Officer with a description of what you've found and the type of vulnerability it represents. The Security Officers also communicate with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used by FreeBSD. The Security Officers are also active members of those organizations.

    If you do need to contact the Security Officer about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

    FreeBSD Security Advisories

    The FreeBSD Security Officers provide security advisories for the following releases of FreeBSD:

    At this time, security advisories are available for:

    Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

    Like all development efforts, security fixes are first brought into the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory then sent out.

    Advisories are sent to the following FreeBSD mailing lists:

    Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available:

    FreeBSD Security Mailing Lists Information

    If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

     freebsd-security                General security related discussion
     freebsd-security-notifications  Security notifications (moderated mailing list)
     
    Send mail to majordomo@FreeBSD.ORG with
          subscribe <listname>  [<optional address>]
     
    in the body of the message in order to subscribe yourself. For example:
     % echo "subscribe freebsd-security" | mail majordomo@freebsd.org
     
    and if you would like to unsubscribe from a mailing list:
     % echo "unsubscribe freebsd-security" | mail majordomo@freebsd.org
     

    Secure Programing Guidelines

  • Look out for programs doing complex things in with signal handlers. Many routines in the various libraries are not sufficiently reentrant to make this safe.

  • Pay special attention to realloc() usage - more often then not the function is not used correctly.

  • When using a fixed size buffers, use sizeof() to prevent lossage when a buffer size is changed but the code which uses it isn't. For example: char buf[1024]; struct foo { ... }; ... BAD: xxx(buf, 1024) xxx(yyy, sizeof(struct foo)) GOOD: xxx(buf, sizeof(buf)) xxx(yyy, sizeof(yyy)) Be careful though with sizeof of pointers when you really want the size of where it points to!

  • Every time you see "char foo[###]", check every usage of foo to make sure that it can't be overflowed. If you can't avoid overflow (and cases of this have been seen), then at least malloc the buffer so that one can't walk on the stack.

  • Always close file descriptors as soon as you can - this makes it more likely that the stdio buffer contents will be discarded. In library routines, always set any file descriptors that you open to close-on-exec.

  • FreeBSD Security Tips and Tricks

    There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

    There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.freebsd.org/~jkb/howto.html.

    Security is an ongoing process. Make sure you are following the latest developments in the security arena.

    What to do when you detect a security compromise

    Other Related Security Information

    &footer diff --git a/share/sgml/advisories.xml b/share/sgml/advisories.xml index 4b0d6cbc3e..4715335dd9 100644 --- a/share/sgml/advisories.xml +++ b/share/sgml/advisories.xml @@ -1,458 +1,458 @@ - + %includes; ]> - + &header;

    Introduction

    This web page is designed to assist both new and experienced users in the area of security for the FreeBSD Operating System. The FreeBSD Development team takes security very seriously and is constantly working on making the OS as secure as possible.

    Here you will find additional information, or links to information, on how to protect your system against various types of outside attack, whom to contact if you find a security related bug, etc. There is also a section on the various ways that the systems programmer can become more security conscious so he or she is less likely to introduce security holes in the first place.

    Table of Contents

    The FreeBSD Security Officer

    To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: The FreeBSD security officer. The position is actually staffed by a team of dedicated security officers, their main tasks being to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

    If you need to contact someone from the FreeBSD team about a possible security bug, you should therefore please send mail to the Security Officer with a description of what you've found and the type of vulnerability it represents. The Security Officers also communicate with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used by FreeBSD. The Security Officers are also active members of those organizations.

    If you do need to contact the Security Officer about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

    FreeBSD Security Advisories

    The FreeBSD Security Officers provide security advisories for the following releases of FreeBSD:

    At this time, security advisories are available for:

    Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

    Like all development efforts, security fixes are first brought into the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory then sent out.

    Advisories are sent to the following FreeBSD mailing lists:

    Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available:

    FreeBSD Security Mailing Lists Information

    If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

     freebsd-security                General security related discussion
     freebsd-security-notifications  Security notifications (moderated mailing list)
     
    Send mail to majordomo@FreeBSD.ORG with
          subscribe <listname>  [<optional address>]
     
    in the body of the message in order to subscribe yourself. For example:
     % echo "subscribe freebsd-security" | mail majordomo@freebsd.org
     
    and if you would like to unsubscribe from a mailing list:
     % echo "unsubscribe freebsd-security" | mail majordomo@freebsd.org
     

    Secure Programing Guidelines

  • Look out for programs doing complex things in with signal handlers. Many routines in the various libraries are not sufficiently reentrant to make this safe.

  • Pay special attention to realloc() usage - more often then not the function is not used correctly.

  • When using a fixed size buffers, use sizeof() to prevent lossage when a buffer size is changed but the code which uses it isn't. For example: char buf[1024]; struct foo { ... }; ... BAD: xxx(buf, 1024) xxx(yyy, sizeof(struct foo)) GOOD: xxx(buf, sizeof(buf)) xxx(yyy, sizeof(yyy)) Be careful though with sizeof of pointers when you really want the size of where it points to!

  • Every time you see "char foo[###]", check every usage of foo to make sure that it can't be overflowed. If you can't avoid overflow (and cases of this have been seen), then at least malloc the buffer so that one can't walk on the stack.

  • Always close file descriptors as soon as you can - this makes it more likely that the stdio buffer contents will be discarded. In library routines, always set any file descriptors that you open to close-on-exec.

  • FreeBSD Security Tips and Tricks

    There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

    There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.freebsd.org/~jkb/howto.html.

    Security is an ongoing process. Make sure you are following the latest developments in the security arena.

    What to do when you detect a security compromise

    Other Related Security Information

    &footer