Date: Fri, 11 Aug 2000 10:37:19 -0400 From: "Joe Oliveiro" <joe@webkrew.com> To: "System Administrator" <admin@chemcomp.com>, "Warner Losh" <imp@village.org> Cc: "Kris Kennaway" <kris@FreeBSD.ORG>, "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>, <freebsd-security@FreeBSD.ORG> Subject: RE: suidperl exploit Message-ID: <PHEKLIMKOGMILIEBJCOGCEBADIAA.joe@webkrew.com> In-Reply-To: <39940DF7.B33BC951@chemcomp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I personally think a website would be a great idea. With all the current exploits around it would make sense to compile a list of what is / isnt fbsd open to and have it online somewhere.. Question is who is willing to do the work? -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of System Administrator Sent: August 11, 2000 10:30 AM To: Warner Losh Cc: Kris Kennaway; Vladimir Mencl, MK, susSED; freebsd-security@FreeBSD.ORG Subject: Re: suidperl exploit Would it be appropriate to have a part of the website dedicated to the publishing of current security vulnerabilities and how FreeBSD is *not* affected? :) -advocacy, I guess... but I think it would be a good idea since we have a lot of people showing up on the lists saying "is FBSD vulnerable for this?" I guess a website is a bit an overkill... A. Warner Losh wrote: > > In message <Pine.BSF.4.21.0008102034410.95874-100000@freefall.freebsd.org> Kris Kennaway writes: > : Non-vulnerability alerts like some of the Linux vendors have started > : issuing are stupid. If there's no problem, there's no problem, and as long > : as you provide a reliable service when there *are* problems, there's no > : need to publicize the negative result. The few people who have heard about > : it through other channels and want specific reassurance can easily be > : accomodated individually through other means (e.g. this list) with much > : less effort and without the confusion from people who misinterpet the > : contents of the "advisory" as meaning they have to take some action. > > Yes. I agree completely. If that load gets too high, then we can put > up an notice on a web site. Such notice might not be a bad idea > anyway, but we don't have a good mechanism for that. > > It also would artificially bloat the advisory numbers in bugtraq too, > which we wouldn't want to do. We want to spend those chits on real > problems. > > Warner > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Antoine Beaupre System Administrator Chemical Computing Group, Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?PHEKLIMKOGMILIEBJCOGCEBADIAA.joe>