Date: Mon, 16 Dec 1996 11:39:58 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: Richard Wackerbarth <rkw@dataplex.net>
Cc: Joakim Rastberg <jor@xinit.se>, security@freebsd.org
Subject: Re: crontab security hole exploit
Message-ID: <Pine.BSF.3.95.961216113611.9006C-100000@alive.ampr.ab.ca>
In-Reply-To: <l03010d00aedb15f6a17f@[208.2.87.4]>

Yes. Fixes should be posted before exploits. Give people a day or two to
fix a hole. People who know what they are doing can make their own exploit
once they know the problem exists, but if they wanted to, people like that
could find the problem themselves anyway. This particular hole is nothing
new, unfortunately it slipped through the cracks in -stable.

However, if a fix has been available there is nothing wrong with posting
an exploit. People shouldn't need to see exploits to act on a known hole,
I will bet that there are many people out there who file the hole as
"something to get around to fixing sometime" until they see a pretty
exploit that gives them root in 2 seconds.

On Mon, 16 Dec 1996, Richard Wackerbarth wrote:

> jor@xinit.se writes:
>
> >I would rather like the exploits be posted as they can be used
> >to leverage the "management" to pay attention (background: I am working as
> >a contractor to run some unix-boxes and although I whine about the low
> >security *nothing* happens until I can show I get a #, then someone
> >perhaps pulls the plug and pays for a more secure installation. My point
> >being is that many companies, at least the ones I work for, IGNORES holes
> >until someone has shown them the exploit)
>
> An interesting perspective.
> My attitude is that it is better to have obscurity than having the exploit
> readily available to a wide audience. I realize that the truly good
> crackers can figure it out for themselves. But there are many "children" who
> will try something when it is handed to them. IMHO, we should at least give
> the upper hand to the sysops and, if possible, provide the fix before the
> attack becomes widespread.