Date: Mon, 3 Feb 1997 23:53:27 +1100 (EST) From: proff@suburbia.net To: tqbf@enteract.com Cc: security@freebsd.org Subject: Re: Critical Security Problem in 4.4BSD crt0 Message-ID: <19970203125327.8353.qmail@suburbia.net> In-Reply-To: <199702031026.EAA19567@enteract.com> from "Thomas H. Ptacek" at "Feb 3, 97 04:25:39 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm fairly certain that if Mr. Assange was aware (in August) of the crt0 > vulnerability, he'd have notified someone (as opposed to leaving vague > hints in unrelated messages). However, I obviously don't speak for him. Sometimes vauge hints in unrelated messages is all you get ;) I wasn't as close to the FreeBSD development process in August and by the time I got around to doing FreeBSD security reviews the problem had disappeared of its own accord. There are a signficant number of security fixes, including to libc about to enter the source base, dyson willing. OpenBSD's bombastically brandished claims about security should be viewed with a grain of salt [IMHO]. ______________________________________________________________________________ Prof. Julian Assange |If you want to build a ship, don't drum up people |together to collect wood and don't assign them tasks proff@iq.org |and work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970203125327.8353.qmail>