From owner-freebsd-security Tue May 4 23:52:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 893CC152DB for ; Tue, 4 May 1999 23:52:22 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA12765; Wed, 5 May 1999 00:51:38 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA08231; Wed, 5 May 1999 00:51:40 -0600 (MDT) Message-Id: <199905050651.AAA08231@harmony.village.org> To: "Jordan K. Hubbard" Subject: Re: [Jamie Rishaw ] FreeBSD 3.1 remote reboot exploit Cc: security@FreeBSD.ORG In-reply-to: Your message of "Tue, 04 May 1999 22:39:04 PDT." <9230.925882744@zippy.cdrom.com> References: <9230.925882744@zippy.cdrom.com> Date: Wed, 05 May 1999 00:51:40 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- In message <9230.925882744@zippy.cdrom.com> "Jordan K. Hubbard" writes: : I can't speak for the others, but not being one of the security team : folks I can say that I have no plans to say anything publically about : this. Being the security officer, I can say, without reservation, that I have absolutely nothing to say about this publiclly. I've sent mail to Jamie and to bugtraq asking for an explaination. Got zilch back so far. If and when there is a hole discovered, and the hole appears to be being exploited or easily exploited, then an advisory will be forth coming. So far I have absolutely nothing to go on except conjecture, which is not the basis for any statements or advisories. In generaly, many DoS things are quietly fixed in -stable. Sometimes the folks that fix them know thay are fixing an implementation of what Bruce likes to call panic(3), other times they don't. There really hasn't been anything of earth shaking importance that I've seen go in. Usually it is after the fixes go in that I see exploits start to crop up... Warner -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBNy/qeNxynu/2qPVhAQGl2wP+IipljM57kSENjuxmyvBf43kwLOduJaRo GBgGiAIgL1+M41lKPfr086Na0HCTOKgJB+bBCOsoBh5JknNc3WY3J9QoB+8IdY4B GAFsAN0+Mq4PHPC7xikrYQyXJzLy9/D+uSGtT36ONhZJpvIKUCYeOPV4HcDCvz5g /OnCFosMRU8= =VAE+ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message