Date: Tue, 10 Jun 1997 11:07:40 -0600 From: Warner Losh <imp@village.org> To: Guy Helmer <ghelmer@cs.iastate.edu> Cc: freebsd-security@freebsd.org Subject: Re: Security problem with FreeBSD 2.2.1 default installation Message-ID: <E0wbUOS-0001Fz-00@rover.village.org> In-Reply-To: Your message of "Tue, 03 Jun 1997 10:44:33 CDT." <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu> References: <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu> Guy Helmer writes: : I just checked the bugtraq archives and found an exploit for sperl4.036 : and sperl 5.00x on FreeBSD was posted April 21! : : I guess no one watches bugtraq?!? Sigh. Yes. I watch bug track. I also have a full time job. It takes me about a week to get to the bugtraq bugs, and then up to two to four weeks to get them fixed due to other time commitments that I have. If no one else has the time, then the only way that is going to get better will be if I'm paid to watch for these things and paid to spend the time to fix them. I might also point out that the Bugtraq mail had no patches at all for 4.x perl. I had to develop them on my own. Yes, it is important. However, there is only so much that can be done given the resources that we have. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0wbUOS-0001Fz-00>