From owner-freebsd-hackers Fri Oct 18 23:27:09 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA20897 for hackers-outgoing; Fri, 18 Oct 1996 23:27:09 -0700 (PDT) Received: from dyson.iquest.net ([198.70.144.127]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA20890 for ; Fri, 18 Oct 1996 23:27:06 -0700 (PDT) Received: (from root@localhost) by dyson.iquest.net (8.7.5/8.6.9) id BAA02729; Sat, 19 Oct 1996 01:26:31 -0500 (EST) From: "John S. Dyson" Message-Id: <199610190626.BAA02729@dyson.iquest.net> Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c To: downsj@teeny.org (Jason Downs) Date: Sat, 19 Oct 1996 01:26:31 -0500 (EST) Cc: ache@nagual.ru, dg@root.com, gritton@byu.edu, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org, misc@openbsd.org In-Reply-To: <199610190139.SAA12584@threadway.teeny.org> from "Jason Downs" at Oct 18, 96 06:39:15 pm Reply-To: dyson@freebsd.org X-Mailer: ELM [version 2.4 PL24 ME8] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > Ah, yes. I've been watching this thread with some amount of amusement, as > have other OpenBSD developers. > > Yes, please back it out. I would rather have OpenBSD remain the most secure > version of UNIX that money can't buy. > The THING about OpenBSD security is pretty much unsubstantiated. I think that it is kind of funny (odd)... Very few outside of OpenBSD have been provided with any kind of digest as to the security fixes... Sounds like marketing claims to me!!! Additionally, that "fix" was simply the wrong thing to do, and there are better ways to deal with the problem. If the zeroing the buffer in db was typical of the ways that others are "fixing" security, well... Sad... :-(. John dyson@FreeBSD.org -- FreeBSD with a heart... We offer to help...