Date:      Fri, 11 Aug 2000 10:50:11 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        joe@webkrew.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   RE: suidperl exploit
Message-ID:  <4.3.2.7.0.20000811104321.00e77900@marble.sentex.ca>
In-Reply-To: <PHEKLIMKOGMILIEBJCOGCEBADIAA.joe@webkrew.com>
References:  <39940DF7.B33BC951@chemcomp.com>

At 10:37 AM 8/11/00 -0400, Joe Oliveiro wrote:
>I personally think a website would be a great idea. With all the current
>exploits around it would make sense to compile a list of what is / isn't
>fbsd open to and have it online somewhere.. Question is who is willing to do
>the work?

This sounds like a duplication of efforts... Why not just update the info 
on the securityfocus website for the particular exploit listed there saying 
FreeBSD is not vulnerable to exploit xxx... e.g.

http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1547

It seems Bugtraq/securityfocus has become the de facto Security clearing 
house.  If there is one site/list people follow, it's probably that one, and 
any updates as to what is and what is not vulnerable will get the lion's share 
of viewers.

         ---Mike


>-----Original Message-----
>From: owner-freebsd-security@FreeBSD.ORG
>[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of System
>Administrator
>Sent: August 11, 2000 10:30 AM
>To: Warner Losh
>Cc: Kris Kennaway; Vladimir Mencl, MK, susSED;
>freebsd-security@FreeBSD.ORG
>Subject: Re: suidperl exploit
>
>
>Would it be appropriate to have a part of the website dedicated to the
>publishing of current security vulnerabilities and how FreeBSD is *not*
>affected? :)
>
>-advocacy, I guess... but I think it would be a good idea since we have
>a lot of people showing up on the lists saying "is FBSD vulnerable for
>this?"
>
>I guess a website is a bit of an overkill...
>
>A.
>
>Warner Losh wrote:
> >
> > In message <Pine.BSF.4.21.0008102034410.95874-100000@freefall.freebsd.org> Kris Kennaway writes:
> > : Non-vulnerability alerts like some of the Linux vendors have started
> > : issuing are stupid. If there's no problem, there's no problem, and as long
> > : as you provide a reliable service when there *are* problems, there's no
> > : need to publicize the negative result. The few people who have heard about
> > : it through other channels and want specific reassurance can easily be
> > : accommodated individually through other means (e.g. this list) with much
> > : less effort and without the confusion from people who misinterpret the
> > : contents of the "advisory" as meaning they have to take some action.
> >
> > Yes.  I agree completely.  If that load gets too high, then we can put
> > up a notice on a web site.  Such notice might not be a bad idea
> > anyway, but we don't have a good mechanism for that.
> >
> > It also would artificially bloat the advisory numbers in bugtraq too,
> > which we wouldn't want to do.  We want to spend those chits on real
> > problems.
> >
> > Warner
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
>--
>Antoine Beaupre
>System Administrator
>Chemical Computing Group, Inc.

------------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications                             mike@sentex.net
Cambridge, Ontario Canada                         www.sentex.net


