From owner-freebsd-security  Fri Jan 10 15:44:42 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id PAA09715
          for security-outgoing; Fri, 10 Jan 1997 15:44:42 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id PAA09710
          for <freebsd-security@freebsd.org>; Fri, 10 Jan 1997 15:44:37 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0viqc4-0000is-00; Fri, 10 Jan 1997 16:43:52 -0700
To: Stephen Fisher <lithium@cia-g.com>
Subject: Re: Obvious fix for tempfile race conditions? 
Cc: Steve Reid <steve@edmweb.com>, freebsd-security@freebsd.org
In-reply-to: Your message of "Fri, 10 Jan 1997 16:08:55 MST."
		<Pine.BSI.3.95.970110160609.27393B-100000@maslow.cia-g.com> 
References: <Pine.BSI.3.95.970110160609.27393B-100000@maslow.cia-g.com>  
Date: Fri, 10 Jan 1997 16:43:51 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0viqc4-0000is-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSI.3.95.970110160609.27393B-100000@maslow.cia-g.com> Stephen Fisher writes:
: If OpenBSD is so much better why doesn't anyone else get word of OpenBSD's
: fixes?

Might I draw to your attention the lpr/lpd fixes, the dump fixes and
the restore fixes that have already gone into the tree, the telnetd
fixes, etc.  Things are happening here, but they must be done
carefully to avoid introducing unintended new holes, or (more likely)
bugs due to the minor variation in source bases.

: > Not really.  There are so many holes in FreeBSD right now, I doubt it
: > would slow them down much.  Holes I'm working on closing, BTW.  Here
: > "so many" mean "at least one known that gives you root."
: 
: Anything helps.

Not if the cure is worse than the disease.

Warner