From owner-doc-jp@jp.freebsd.org  Sat Oct  4 20:58:37 1997
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) id UAA09178
	Sat, 4 Oct 1997 20:58:37 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.7+2.7Wbeta7/8.7.3) with ESMTP id UAA09173
	for <doc-jp@jp.FreeBSD.org>; Sat, 4 Oct 1997 20:58:34 +0900 (JST)
Received: from localhost. (j5.ptl6.jaring.my [161.142.1.211])
	by relay3.jaring.my (8.8.7/8.8.7) with ESMTP id TAA09451;
	Sat, 4 Oct 1997 19:57:21 +0800 (MYT)
Message-Id: <199710041157.TAA09451@relay3.jaring.my>
Received: from localhost (localhost [127.0.0.1]) by localhost. (8.8.7/3.4W3) with ESMTP id UAA23216; Sat, 4 Oct 1997 20:01:33 +0800 (MYT)
To: doc-jp@jp.FreeBSD.org, ohashi@mickey.ai.kyutech.ac.jp
Cc: iwasaki@pc.jaring.my
X-Mailer: Mew version 1.06 on Emacs 19.28.1, Mule 2.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Date: Sat, 04 Oct 1997 20:01:33 +0800
From: Mitsuru IWASAKI <iwasaki@pc.jaring.my>
Reply-To: doc-jp@jp.freebsd.org
Precedence: bulk
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=20]
X-Sequence: doc-jp 3354
Subject: [doc-jp 3354] <WWW> Reviewing auditors.sgml
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org

$B$$$o$5$-$G$9!#(B

auditors.sgml $B$N::FI$r;O$a$^$7$?!#(B
$B$,!":G=i$+$iLuJ8$,$\$/$N2r<a$HBg$-$/0c$&$N$G$A$g$C$H8f0U8+$/$@$5$$!#(B
$B86J8<+BN!"0lJ8$,D9$/Fq2r$G$5$i$KOC$78@MU$G=q$$$F$"$k$N$GF,DK$$$G$9!#(B

$B:G=i$O!"%;%-%e%j%F%#%[!<%k$KBP$9$k:#$^$G$NBP1~$K$D$$$F$G$9!#(B
``no truly large-scale attempt has been made up'' $B$r(B
$B!V??$KBg5,LO$J;n$_0J30$O$*$3$J$o$l$?!W$H$9$k$+(B
$B!V??$KBg5,LO$J;n$_$O$J$+$C$?!W$H$9$k$+$GCJMnA4BN$NO@E@$,(B
$BBg$-$/JQ$o$C$F$-$^$9!#(B

$B86J8(B:
<P>The sheer amount of legacy code & code from outside sources in
FreeBSD also makes it especially easy for security holes to go
unnoticed until it's rather too late, and no truly large-scale attempt
has been made up to this point to really go through the codebase with
a specific focus on security issues, that being a rather big project
and most FreeBSD developers being more than busy enough elsewhere.

$BLuJ8(B:
<P>FreeBSD$BCf$N81$7$$0d;:$N%3!<%I$H30It$+$i$N%=!<%9$O$^$?<jCY$l$K$J$k$^(B
$B$G5$IU$+$l$J$$%;%-%e%j%F%#%[!<%k$HFC$KMF0W$K$J$j$d$9$/!$(B
$B$=$7$F??$KBg5,LO$J;n$_0J30$N$b$N$O$3$l$i$NE@$r%;%-%e%j%F%#LdBj$GFC$K>G(B
$BE@$rEv$F$F$$$k%3!<%I%Y!<%9$N8!::$rDL$7$F9=@.$5$l$F$*$j!$(B
$B$3$l$O$+$J$jBg$-$J%W%m%8%'%/%H$K$b9T$J$o$l$F$*$jBgItJ,$N(BFreeBSD$B3+H/<T(B
$B$OB>$N$3$H$h$j$3$l$K==J,;~4V$r3d$$$F$$$^$9!%(B

$B2~A10F(B:
<P>FreeBSD$B$K4^$^$l$kM3=o@5$7$$0d;:$N%3!<%I$H30It$+$i$N%=!<%9$O(B, 
$B<jCY$l$K$J$k$^$G5$IU$+$l$J$$$h$&$J%;%-%e%j%F%#%[!<%k$KFC$K$J$j0W$$(B
$B$b$N$G$9(B. $B$3$NE@$K$D$$$F(B, $B%;%-%e%j%F%#LdBj$KFC$K>GE@$rEv$F$F<B:]$K(B
$B%=!<%9%3!<%I%Y!<%9$G8+D>$9K\Ev$KBg$,$+$j$J;n$_$O$"$j$^$;$s$G$7$?(B. 
$B$3$l$O$+$J$jBg$-$J%W%m%8%'%/%H$K$J$j(B, $BB>$N$3$H$G;~4V$,$J$$(BFreeBSD
$B3+H/<T$N$[$H$s$I$O:#0J>e$KK;$7$/$J$j$^$9(B.


$B<!$O!"A0$NJ8$r<u$1$F8=>u$rJQ$($k$H$$$&FbMF$G$9!#(B``as the
Internet continues to grow ...'' $B$N(B as $B$r860x!&M}M3$N0UL#$G2r<a(B
$B$9$k$+$I$&$+$G$9!#(B

$B86J8(B:
This situation must now change, however, if we are to remain the kind
of operating system that people can continue to rely upon as the
Internet continues to grow and (I suspect) become an ever-more hostile
environment for improperly protected systems.  Proper security is
something of a cooperative arrangement between the local administrator
and the OS vendor, and this "OS vendor" needs to do its part.</P>

$BLuJ8(B:
$B$b$72f!9$,?M!9$,%$%s%?!<%M%C%H$,@.D9$7B3$1$k$3$H$r?.Mj$7B3$1$k$3$H$,$G(B
$B$-$k%*%Z%l!<%F%$%s%0%7%9%F%`$H$7$FB8B3$5$;$i$l$F(B($B;d$O2{5?E*$G$"$k$,(B)$BIT(B
$BE,Ev$KJ]8n$5$l$?%7%9%F%`$N$h$&$J$$$D$bE(BP$7$F$$$k4D6-$N$h$&$K$J$C$F$7(B
$B$^$&$J$i!$$3$N>uBV$OB(9oJQ99$7$J$1$l$P$J$j$^$;$s!%(B
$BE,@Z$J%;%-%e%j%F%#$O8=>l$N4IM}<T$H(BOS$B%Y%s%@!<$H$N4V$N6(D4E*$J9g0U$K$h$k(B
$B$b$N$G$"$j!$$3$3$G$N(BOS$B%Y%s%@!<$O$3$l$i$N$3$H$rI,MW$H$7$F$$$^$9!%(B</P>

$B2~A10F(B:
$B$7$+$7(B, $B%$%s%?!<%M%C%H$O@.D9$7B3$1$F$*$jE,@Z$KJ]8n$5$l$F$$$J$$%7%9%F%`$K(B
$B$H$C$F$O>o$KE(BP$9$k4D6-$H$J$k(B ($B$HbK$s$G$$$^$9(B) $B$?$a(B, $B?M!9$,?.Mj$7B3$1$k(B
$B$3$H$,$G$-$k%*%Z%l!<%F%$%s%0%7%9%F%`$rB8B3$5$;$k$?$a$K$O(B, $B$3$N>u67$O(B
$B:#$3$=JQ$($k$Y$-$G$9(B.
$BE,@Z$J%;%-%e%j%F%#$O8=>l$N4IM}<T$H(BOS$B%Y%s%@!<$H$N4V$N6(D4E*$J9g0U$K$h$k(B
$B$b$N$G$"$j(B, $B$3$N!V(BOS$B%Y%s%@!<!W$O<+J,B&$N@UG$$r2L$?$9I,MW$,$"$j$^$9(B. </P>


$B$h$m$7$/$*4j$$$7$^$9!#(B
--
                                    o
                              [=]   O
                             (.~.)_P
+=======================oooO==( )//Oooo======================+
|       --- Mitsuru IWASAKI ----                             |
|15A-1-3, Scots Tower, MONT' KIARA CONDOMINIUM, Jalan 1/70C, |
|Off Bikit Kiara, 50480 Kuala Lumpur, Malaysia               |
|TEL/FAX: +60-3-2538579                      _/_/_/    _/    |
|e-mail:  iwasaki@sirim.my(OFFICE)          _/  _/ _/ _/     |
| iwasaki@pc.jaring.my(HOME) iwasaki@jp.FreeBSD.ORG(FreeBSD) |
+============================================================+
