Date: Tue, 04 May 1999 17:50:18 -0700
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To: Jorge Aldana <jorge@salk.edu>
Cc: Mike Uttech <mike@negativezero.com>, freebsd-stable@FreeBSD.ORG
Subject: Re: FreeBSD 3.1 remote reboot exploit (fwd)
Message-ID: <8298.925865418@zippy.cdrom.com>
In-Reply-To: Your message of "Tue, 04 May 1999 17:18:56 PDT." <Pine.BSF.3.96.990504170243.9852G-100000@remak.salk.edu>

[-security or -stable but not both please; redirected to -stable]

> So, rebooting when a machine is overloaded is not a problem?

It is a problem, certainly, if it can be verified.

> It seems from the responses that this is an acceptable symptom of FreeBSD
> 3.1 (release and stable)?

No, judging by the responses, nobody is saying this. What people are saying is that bug reports or security advisories which give none of the clues necessary to do anything meaningful with them are not acceptable. This is not a paid organization here and so people can't just show up and say "Hey! It doesn't work! Fix it!" (and nothing more) since in so doing, they only create more work than they save as everyone is forced to scramble to try and get some (any) actual information out of them. That's not helpful and what is not helpful is simply not acceptable when people are donating their time out of generosity since it's hard enough finding sufficient time to donate as it is without having it wasted. Again, this is not a paid organization and if someone isn't part of the solution then they're truly part of the problem and we have enough problems to deal with already to welcome new ones. That has been the substance of most of the reactions I've seen so far.

Saying that "your system has been rebooting" is a typical case of a worse-than-useless bug report since it only spreads uncertainty while providing none of the information necessary to go further with it. If, as very often it later transpires, the problem also turns out to be some piece of hardware or any other factor unrelated to FreeBSD then you can bet that most people won't follow up to say "Whoops, it was my fault, sorry!" and this leaves the incorrect general impression that FreeBSD was somehow "broken" for lack of any additional followup information.

This is as frustrating to both developers and advocates as it is unfair, and it's why we now *insist* on some actual detail with these bug reports before running around and spending a lot of time on them. We've seen people screw themselves with overclocking (and not admit it), badly synchronized hand-upgraded binaries, bogus hardware, you name it and we've seen it - we've even seen people confuse us for BSD/OS or NetBSD and submit reports for bugs which aren't even in our operating system! If there is a depth of stupidity to which it's no longer possible to sink below, I haven't seen it yet; users continue to amaze me with their latest tunneling efforts and it makes you unwilling to jump on anything that doesn't look like the user has done his or her homework first before submitting a report.

I'm also not saying that this latest bugtraq report is bogus, I'm simply saying that it doesn't provide enough information to make it distinguishable from a bogus bug report in any way. A meaningful bug/incident report is one where the user has taken responsibility for figuring out the various causal factors and narrowing it down enough to where there's actually enough information for a developer to achieve something concrete with it. This responsibility is also the user's and the user's alone since they're not paying for the services of an on-site engineer who shares access to their equipment, and if they can't gather the info then it's unlikely that anyone else will either and we're back to the content-free bug report again.

- Jordan