From owner-freebsd-security Thu Jul 13 13: 5:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
    by hub.freebsd.org (Postfix) with ESMTP
    id 4712D37B634; Thu, 13 Jul 2000 13:05:04 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
    by lariat.org (8.9.3/8.9.3) with ESMTP id OAA26974;
    Thu, 13 Jul 2000 14:04:55 -0600 (MDT)
Message-Id: <4.3.2.7.2.20000713135632.04b63890@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 13 Jul 2000 14:04:51 -0600
To: Robert Watson
From: Brett Glass
Subject: Re: Two kinds of advisories?
Cc: Susie Ward , security@FreeBSD.ORG
In-Reply-To:
References: <4.3.2.7.2.20000713132400.04b73af0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:42 PM 7/13/2000, Robert Watson wrote:

>Here's a recent sample:
>
>Subject: FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd
>
>What information could we add here that would improve things?

Let's look closely at this and see why this might cause a panicky call from a client (which it did, by the way; and, yes, I did bill him for the time I spent making sure he wasn't running wu-ftpd).

First, it mentions FreeBSD twice and wu-ftpd only once. Second, wu-ftpd is mentioned at the end where it may fall off the end of the recipient's e-mail window, leaving TWO mentions of FreeBSD visible and no mention of the offending app. Finally, by giving the problem a code, or number, beginning with FreeBSD, it makes it look like a FreeBSD problem.

Personally, I'm very glad for the advisories -- you may recall that I returned from my honeymoon to find a system rooted due to a QPopper exploit. I only wish that the CDs were updated quickly enough to prevent more copies of exploitable ports from going out! (People who install from the CDs often don't know how to pick up new ports, and it's not obvious from the sysinstall UI.)

But if the advisory said:

    Security Advisory: Remote root exploit in wu-ftpd (FreeBSD-SA-00:29)

it'd produce fewer calls from nervous clients.

--Brett