Date:      Sat, 19 Oct 1996 02:56:02 -0600
From:      Theo de Raadt <deraadt@theos.com>
To:        dyson@freebsd.org
Cc:        deraadt@theos.com (Theo de Raadt), misc@openbsd.org, hackers@freebsd.org
Subject:   Re: cvs commit: src/lib/libc/db/hash hash_buf.c 
Message-ID:  <199610190856.CAA00291@zeus.theos.com>
In-Reply-To: Your message of "Sat, 19 Oct 1996 03:48:39 CDT." <199610190848.DAA03178@dyson.iquest.net> 

> This was a thread that had a list of over 10 groups/people, and
> simply needed to be pruned...  Sorry for my proper etiquette.

You pruned too much.  You pruned the list where your comments would
look bad.

> > You will
> > see that you were being extremely challenging in your mail; you were
> > basically BEGGING for a flame war.
> > 
> Nope, only asking for intellectual honesty...  I guess I was asking
> for too much.

No, that is not correct.  Your comments denigrated us for approaching
security in this fashion.  Unfortunately the clearing of that buffer
inside libc/db, at endpwent() time, is the only way you can reliably
solve the problem in all cases.

Unfortunately, about 30 pieces of mail went over the freebsd-security
mailing list without *anyone* asking us if we had found something else
which made it more of an issue.

No one asked us why we were not backing the change out.  We know security,
really, we do.  In fact there are a couple of other holes, of which I
have told you one.  All things accounted for, the change is correct.  Do
your homework, search for other db usages in the source tree, consider
what I told you, and consider a few other non-setuid programs.


> > Ok, I am stopping giving you fixes and reports immediately. You have
> > been making personal attacks, and I hereby promise to not give you any
> > fixes for at least the next 2 months.  The accusatory tone is way out
> > of line, I've had it; you suck.
> > 
> This is the first flamage that I have seen...

That's either a lie, John, or you are BLIND.  pkh flamed me personally.
You are BLIND.

> >  This is really sad
> Theo...  I will still help the OpenBSD team with VM problems...

Thank you. But I will not help FreeBSD with security problems unless
something drastic happens.

> It looks like to me: OpenBSD -- all take and no give...

That's garbage.  You just expected us to behave nice after you called
our change stupid without asking us if we'd found some other flaws.

> Theo: Angry child...  Bad Theo, Bad... Bad...

And blind John.
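The technical point in dispute above is that buffered password data inside libc/db must be cleared at endpwent() time, because otherwise the bytes remain in the process's memory for any later code path to read. The following is an added illustration, not code from this thread or from either project's libc: a toy page cache stands in for the db buffer and is closed once without clearing and once with it. The record contents, the hash placeholder and the secure_clear helper are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a tiny record cache standing in for a db page
 * buffer.  After the cache is "closed" we inspect the raw storage to
 * see whether the sensitive record bytes are still there. */

#define PAGE_SIZE 256

struct page_cache {
    unsigned char page[PAGE_SIZE];  /* buffered record data */
    size_t used;                    /* bytes currently staged */
};

/* Zeroing the compiler must not elide: writes go through a volatile
 * pointer.  Assumption: explicit_bzero()/memset_s() may not exist on
 * the target, so this portable form is used instead. */
static void secure_clear(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Stage a record (e.g. one passwd line) into the cache.  Returns 0 on
 * success, -1 if the page is full. */
int cache_put(struct page_cache *c, const char *record)
{
    size_t len = strlen(record);
    if (c->used + len > PAGE_SIZE)
        return -1;
    memcpy(c->page + c->used, record, len);
    c->used += len;
    return 0;
}

/* Insecure close: marks the cache empty but leaves the bytes in place,
 * so whoever reuses this memory next can read them. */
void cache_close_insecure(struct page_cache *c)
{
    c->used = 0;
}

/* Secure close: wipes the staged bytes before the cache is released. */
void cache_close_secure(struct page_cache *c)
{
    secure_clear(c->page, c->used);
    c->used = 0;
}

/* Does the raw page storage still contain `needle`?  The whole page is
 * scanned regardless of `used`, which is what a later reader of the
 * reused memory would see. */
int page_contains(const struct page_cache *c, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= PAGE_SIZE; i++)
        if (memcmp(c->page + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Run the scenario once; returns 1 if the secret lingers after close. */
int secret_lingers(int secure)
{
    struct page_cache c;
    memset(&c, 0, sizeof c);
    /* Constructed record: the hash field is a labelled placeholder. */
    cache_put(&c, "root:$1$EXAMPLEHASH$PLACEHOLDER:0:0:root:/root:/bin/sh\n");
    if (secure)
        cache_close_secure(&c);
    else
        cache_close_insecure(&c);
    return page_contains(&c, "$1$EXAMPLEHASH$PLACEHOLDER");
}

int main(void)
{
    printf("insecure close, secret still in buffer: %d\n", secret_lingers(0));
    printf("secure close,   secret still in buffer: %d\n", secret_lingers(1));
    return 0;
}
```

The cache keeps its storage in a local struct rather than on the heap so the inspection after close is well-defined; in a real libc the equivalent buffer is heap or static memory that the same process reuses, which is why clearing it at the close point, rather than relying on the caller, is the reliable fix the message argues for.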
