Message-Id: <200206250203.g5P238LJ002003@cvs.openbsd.org>
To: Ted Cabeen
Cc: "Jacques A. Vidrine", freebsd-security@FreeBSD.ORG
Subject: Re: Hogwash
In-reply-to: Your message of "24 Jun 2002 19:00:13 PDT." <87sn3c6rte.fsf@gray.impulse.net>
Date: Mon, 24 Jun 2002 20:03:08 -0600
From: Theo de Raadt

> I for one, appreciate the early notification. It allows me to upgrade
> or firewall important machines. That said, the initial warning was a
> little vague. Something that was clearer yet still provided little
> information to the blackhats would have been better. In particular, I
> would have liked a more clear statement of the severity of the
> problem. From the original email it's not clear if the vulnerability
> is root or user level, and whether or not it has been successfully
> exploited yet. Of course, it's possible that when the message was
> written, that wasn't known yet, and if so then fine. Regardless, I
> hope that you will post further updates as you learn more about the
> extent of the problem.

I'm not giving away any hints. Assume the worst and do the upgrade,
and if you dislike the way I handled this, don't buy me that beer
later.