[GTALUG] interesting article on FreeBSD kernel almost getting dangerous code

D. Hugh Redelmeier hugh at mimosa.com
Sun Mar 28 14:47:46 EDT 2021


<https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/>

Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense 
company).  The port was of poor quality and dangerously so.  Nobody caught 
it until after pfSense was released with it, and just before FreeBSD 
released it.  The messenger was tortured, but not shot.

Bonus: the guy who ported the code was a felon / bad landlord.

Lesson: open source software does not get enough quality control.  
Especially code that might affect security.  Some Linux distros attempt QC 
(e.g. RedHat) but I'm sure it is inadequate.

