Date:      Tue, 10 Jun 1997 14:21:59 -0500 (CDT)
From:      Guy Helmer <ghelmer@cs.iastate.edu>
To:        Warner Losh <imp@village.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Security problem with FreeBSD 2.2.1 default installation 
Message-ID:  <Pine.HPP.3.96.970610141247.27573A-100000@popeye.cs.iastate.edu>
In-Reply-To: <E0wbUOS-0001Fz-00@rover.village.org>

On Tue, 10 Jun 1997, Warner Losh wrote:

> In message <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu> Guy Helmer writes:
> : I just checked the bugtraq archives and found an exploit for sperl4.036
> : and sperl 5.00x on FreeBSD was posted April 21!
> : 
> : I guess no one watches bugtraq?!?
> 
> Sigh.
> 
> Yes.  I watch bug track.  I also have a full time job.  It takes me
> about a week to get to the bugtraq bugs, and then up to two to four
> weeks to get them fixed due to other time commitments that I have.  If
> no one else has the time, then the only way that is going to get
> better will be if I'm paid to watch for these things and paid to spend
> the time to fix them.
> 
> I might also point out that the Bugtraq mail had no patches at all for
> 4.x perl.  I had to develop them on my own.
> 
> Yes, it is important.  However, there is only so much that can be done
> given the resources that we have.

Sorry, I did not mean to imply that nobody must be working on this.  I
meant that I had not heard anything in the FreeBSD security list about
this exploit, so I was not aware that anyone (in a position to do
something about it) was working on it.  I realized after re-reading my
message that it could offend anyone who was working on the problem, and it
was not meant to.

After a brief look at the perl 5 patches and the perl 4 source, it was
quickly obvious that the perl 4 patch was non-trivially different.  I've
just started tracking current in the past couple of weeks, so I missed
your fix.  Thanks for your work, and apologies for the previous message.

Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer



