Date: Mon, 16 Dec 1996 15:12:55 -0700
From: Warner Losh <imp@village.org>
To: Richard Wackerbarth <rkw@dataplex.net>
Cc: Joakim Rastberg <jor@xinit.se>, security@freebsd.org
Subject: Re: crontab security hole exploit
Message-ID: <E0vZlHM-0005SA-00@rover.village.org>
In-Reply-To: Your message of "Mon, 16 Dec 1996 09:14:25 CST." <l03010d00aedb15f6a17f@[208.2.87.4]>
References: <l03010d00aedb15f6a17f@[208.2.87.4]> <l03010d02aedafca2ae0c@[208.2.87.4]>

In message <l03010d00aedb15f6a17f@[208.2.87.4]> Richard Wackerbarth writes:
: An interesting perspective.
: My attitude is that it is better to have obscurity than having the exploit
: readily available to a wide audience. I realize that the truly good
: crackers can figure it out for themselves. But there are many "children" who
: will try something when it is handed to them. IMHO, we should at least give
: the upper hand to the sysops and, if possible, provide the fix before the
: attack becomes widespread.

Yes, but 99.999% of all the exploits that have been posted to this list
first appeared in bugtraq or best-of-security. Nothing new is generally
revealed.

Now then, if I find a way to crack program xxx, then I should quietly
send mail to the authors (or the BSD distributions) with this
information. If I'm just passing along a well-known hole, then
everybody likely already knows about it.

Besides, you can easily find lots of holes in lots of programs for the
small price of downloading OpenBSD's CVS tree. They have fixed
boatloads of these things, some of which have been merged into FreeBSD,
but many of which have not.

Warner
