Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 3 Feb 1997 23:53:27 +1100 (EST)
From:      proff@suburbia.net
To:        tqbf@enteract.com
Cc:        security@freebsd.org
Subject:   Re: Critical Security Problem in 4.4BSD crt0
Message-ID:  <19970203125327.8353.qmail@suburbia.net>
In-Reply-To: <199702031026.EAA19567@enteract.com> from "Thomas H. Ptacek" at "Feb 3, 97 04:25:39 am"

next in thread | previous in thread | raw e-mail | index | archive | help
> I'm fairly certain that if Mr. Assange was aware (in August) of the crt0
> vulnerability, he'd have notified someone (as opposed to leaving vague
> hints in unrelated messages). However, I obviously don't speak for him. 

Sometimes vauge hints in unrelated messages is all you get ;)
I wasn't as close to the FreeBSD development process in August and
by the time I got around to doing FreeBSD security reviews the
problem had disappeared of its own accord.

There are a signficant number of security fixes, including to libc
about to enter the source base, dyson willing. OpenBSD's bombastically
brandished claims about security should be viewed with a grain of
salt [IMHO].

______________________________________________________________________________
Prof. Julian Assange  |If you want to build a ship, don't drum up people
		      |together to collect wood and don't assign them tasks
proff@iq.org          |and work, but rather teach them to long for the endless
proff@gnu.ai.mit.edu  |immensity of the sea. -- Antoine de Saint Exupery



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970203125327.8353.qmail>