Date: Tue, 10 Jun 1997 14:21:59 -0500 (CDT)
From: Guy Helmer <ghelmer@cs.iastate.edu>
To: Warner Losh <imp@village.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security problem with FreeBSD 2.2.1 default installation
Message-ID: <Pine.HPP.3.96.970610141247.27573A-100000@popeye.cs.iastate.edu>
In-Reply-To: <E0wbUOS-0001Fz-00@rover.village.org>

On Tue, 10 Jun 1997, Warner Losh wrote:

> In message <Pine.HPP.3.96.970603103342.16150G-100000@sunfire.cs.iastate.edu> Guy Helmer writes:
> : I just checked the bugtraq archives and found an exploit for sperl4.036
> : and sperl 5.00x on FreeBSD was posted April 21!
> :
> : I guess no one watches bugtraq?!?
>
> Sigh.
>
> Yes. I watch bug track. I also have a full time job. It takes me
> about a week to get to the bugtraq bugs, and then up to two to four
> weeks to get them fixed due to other time commitments that I have. If
> no one else has the time, then the only way that is going to get
> better will be if I'm paid to watch for these things and paid to spend
> the time to fix them.
>
> I might also point out that the Bugtraq mail had no patches at all for
> 4.x perl. I had to develop them on my own.
>
> Yes, it is important. However, there is only so much that can be done
> given the resources that we have.

Sorry, I did not mean to imply that nobody must be working on this. I meant that I had not heard anything in the FreeBSD security list about this exploit, so I was not aware that anyone (in a position to do something about it) was working on it. I realized after re-reading my message that it could offend anyone who was working on the problem, and it was not meant to.

After a brief look at the perl 5 patches and the perl 4 source, it was quickly obvious that the perl 4 patch was non-trivially different.

I've just started tracking current in the past couple of weeks, so I missed your fix.

Thanks for your work, and apologies for the previous message.

Guy Helmer, Computer Science Grad Student, Iowa State - ghelmer@cs.iastate.edu
http://www.cs.iastate.edu/~ghelmer