Date: Tue, 01 Oct 2002 16:13:49 -0400
From: Larry Sica
Subject: Re: Is FreeBSD's tar susceptible to this?
To: Matthew Dillon
Cc: Brett Glass, Matt Piechota, Aaron Namba, security@FreeBSD.ORG

On Tuesday, October 1, 2002, at 03:34 PM, Matthew Dillon wrote:

>
> :This is not because of the BSDL or GPL though.  It is because of the
> :project's makeup.  Politics aside, a license has nothing to do with the
> :quality of the work, or lack thereof.  And many *BSD and BSDL products
> :have had security problems.  Now sure, the zlib problem was avoided.
> :But FreeBSD has had its own recent spate of problems.  I am not sure
> :this discussion is even appropriate in this forum.  If we are
> :vulnerable it needs to be fixed, period.  Let's not use a security
> :problem for political maneuvering.
> :
> :--Larry
>
>     The zlib problem was not avoided, e.g. 1.5.8.1 of deflate.c (unless
>     you are talking about another one, there were a couple of issues
>     if I recall), but zlib is an excellent example of the success of the
>     open-source community grapevine.

I would have to go back and check for the exact one, but I should have
been clearer, FreeBSD was affected but not as bad as some other OSes.
Mostly because FreeBSD Did The Right Thing.  I'll be clearer what I mean
in the future.

--Larry