From owner-freebsd-security  Mon Dec 16 12:28:27 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id MAA00216
          for security-outgoing; Mon, 16 Dec 1996 12:28:27 -0800 (PST)
Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id MAA00211
          for <security@freebsd.org>; Mon, 16 Dec 1996 12:28:23 -0800 (PST)
Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.7.5/8.7.3) with ESMTP id VAA00967 for <security@freebsd.org>; Mon, 16 Dec 1996 21:28:16 +0100
Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.6.12/8.6.12) with UUCP id VAA28595 for security@freebsd.org; Mon, 16 Dec 1996 21:28:15 +0100
Received: (from roberto@localhost) by keltia.freenix.fr (8.8.4/keltia-uucp-2.9) id TAA10693; Mon, 16 Dec 1996 19:16:17 +0100 (CET)
Message-ID: <Mutt.19961216191617.roberto@keltia.freenix.fr>
Date: Mon, 16 Dec 1996 19:16:17 +0100
From: roberto@keltia.freenix.fr (Ollivier Robert)
To: security@freebsd.org
Subject: Re: crontab security hole exploit
References: <l03010d02aedafca2ae0c@[208.2.87.4]> <l03010d00aedb15f6a17f@[208.2.87.4]>
X-Mailer: Mutt 0.54
Mime-Version: 1.0
X-Operating-System: FreeBSD 3.0-CURRENT ctm#2815
In-Reply-To: <l03010d00aedb15f6a17f@[208.2.87.4]>; from Richard Wackerbarth on Dec 16, 1996 09:14:25 -0600
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

According to Richard Wackerbarth:
> My attitude is that it is better to have obscurity than having the exploit
> readily available to a wide audience. I realize that the truly good
> crackers can figure it out for themself. But there are many "children" who
> will try something when it is handed to them. IMHO, we should at least give

Even the children can subscribe to Bugtraq. Or 8lgm or even
linux-security...

> the upper hand to the sysops and, if possible, provide the fix before the
> attack becomes widespread.
 
Unfortunately it is generally wishful thinking more than everything
else. The only time it happens is when the bug is found during a limited
beta testing and it can be fixed before release for example...
-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
  FreeBSD keltia.freenix.fr 3.0-CURRENT #31: Tue Dec  3 23:52:58 CET 1996