Date:      Thu, 6 Feb 1997 12:22:41 GMT
From:      Robin Melville <robmel@nadt.org.uk>
To:        security@freefall.freebsd.org
Subject:   Re: security-digest V3 #12
Message-ID:  <199702061222.MAA06912@charlie.nadt.org.uk>

As a careful follower of the security digest I feel moved to add a
pennyworth of complaint.

I'm getting very tired of wading through the arrogant, hypercritical screeds
posted by some correspondents. 

Any user of FreeBSD must be aware that it's an exceptional piece of work
provided by volunteers who work their butts off. Our organisation is
particularly grateful to them since it enables us to provide clinical IT
which we couldn't possibly afford to do if the only option was commercial
Unices/Novell/NT. 

The setlocale() security hole is unfortunate, but I'm sure not unexceptional
in the context of any huge project written in C. Now it's known about and is
being/has been fixed. There will be others.

Security holes are a problem but also a fact of life for all system
managers. I don't have any complaint about the (unpaid) work of the core
team in attempting to patch them as they arise. What /would/ be tiresome
would be the widespread dissemination of exploits to make a (malicious?) point. 

Highly skilled hackers will probably always be able to get into systems;
this is also a fact of life. Telling (the much larger number) of less
skilled/inquisitive users exactly how to get a # seems to me to be
monstrously unhelpful. Unskilled hackers with root access are much more
likely to do considerable damage by mistake than a passing wizard "bagging"
your system or surreptitiously stealing CPU/disk space.

If these correspondents have a personal beef with members of the FreeBSD
core team would they please conduct it with private email.

Thanks.

Robin Melville
--------------------------------------------------------
Robin Melville, Addiction & Forensic Information Service
Nottingham Alcohol & Drug Team (Extn. 49178)
Vox: +44 (0)115 952 9478  Fax: +44 (0)115 952 9421 
Email: robmel@nadt.org.uk
WWW:   http://www.innotts.co.uk/nadt/
---------------------------------------------------------




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702061222.MAA06912>