C3Subtitles: 34c3: Are all BSDs created equally?

Are all BSDs created equally?

A survey of BSD kernel vulnerabilities.


Video duration: 00:58:58
Language: English
Abstract
In this presentation I start off asking the question “How come there are only a handful of BSD security kernel bugs advisories released every year?” and then proceed to try and look at some data from several sources.

It should come as no surprise that those sources are fairly limited and somewhat outdated.

The presentation then moves on to try and collect some data ourselves. This is done by actively investigating and auditing. Code review, fuzzing, runtime testing on all 3 major BSD distributions [NetBSD/OpenBSD/FreeBSD]. This is done by first investigating what would be good places where the bugs might be. Once determined, a detailed review is performed of these places. Samples and demos will be shown.

I end the presentation with some results and conclusions. I will list what the outcome was in terms of bugs found, and who – based on the data I now have – among the three main BSD distributions can be seen as the clear winner and loser. I will go into detail about the code quality observed and give some pointers on how to improve some code. Lastly I will try and answer the question I set out to answer (“How come there are only a handful of BSD security kernel bugs advisories released every year?”).

Talk ID: 8968
Event: 34c3
Day: 3
Room: Saal Adams
Start: 7:45 p.m.
Duration: 01:00:00
Track: Security
Type of: lecture
Speaker: Ilja van Sprundel

Last revision: 11 months, 3 weeks ago