From owner-freebsd-security Thu Feb 6 07:58:02 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA03198 for security-outgoing; Thu, 6 Feb 1997 07:58:02 -0800 (PST) Received: from ns.ge.com (ns.ge.com [192.35.39.24]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA03157 for ; Thu, 6 Feb 1997 07:57:55 -0800 (PST) Received: from thomas.ge.com (thomas.ge.com [3.47.28.21]) by ns.ge.com (8.8.4/8.7.3) with ESMTP id KAA03187; Thu, 6 Feb 1997 10:55:50 -0500 (EST) Received: from crissy.gemis.ge.com (crissy-ether.gemis.ge.com [3.29.7.204]) by thomas.ge.com (8.8.4/8.7.5) with SMTP id KAA10926; Thu, 6 Feb 1997 10:58:39 -0500 (EST) Received: from terrapin.salem.ge.com (terrapin.salem.ge.com [3.29.6.145]) by crissy.gemis.ge.com (8.6.11/8.6.11) with ESMTP id KAA16310; Thu, 6 Feb 1997 10:51:25 -0500 Received: from combs.salem.ge.com (combs.salem.ge.com [3.29.5.200]) by terrapin.salem.ge.com (8.8.3/8.8.3) with ESMTP id KAA28609; Thu, 6 Feb 1997 10:51:25 -0500 (EST) Received: (from steve@localhost) by combs.salem.ge.com (8.8.3/8.8.3) id KAA00889; Thu, 6 Feb 1997 10:51:25 -0500 (EST) Message-ID: X-Mailer: XFMail 1.0 [p0] on SunOS Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <199702061222.MAA06912@charlie.nadt.org.uk> Date: Thu, 06 Feb 1997 10:49:00 -0500 (EST) Organization: GE Motors & Industrial Systems From: "Stephen F. Combs" To: Robin Melville Subject: Re: security-digest V3 #12 Cc: security@freefall.freebsd.org Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hear, Hear! I've been using FreeBSD since the first available pre-release snapshot and I've NO PROBLEMS with the core developers! Jordan and the core team have been EXTREEMLY responsive to problems/security holes/etc..... Anything thought of by man can be circumvented by man!(don't remember WHO was the originator of that but 'TIS TRUE!). Guys (and gals, if there are any) KEEP UP THE GOOD WORK! On 06-Feb-97 Robin Melville wrote: >As a careful follower of the security digest I feel moved to add a >pennyworth of complaint. > >I'm getting very tired of wading through the arrogant, hypercritical screeds >posted by some correspondents. > >Any user of FreeBSD must be aware that it's an exeptional piece of work >provided by volunteers who work their butts off. Our organisation is >particularly grateful to them since it enables us to provide clinical IT >which we couldn't possibly afford to do if the only option was commercial >Unices/Novell/NT. > >The setlocale() security hole is unfortunate, but I'm sure not unexeptional >in the context of any huge project written in C. Now it's known about and is >being/has been fixed. There will be others. > >Security holes are a problem but also a fact of life for all system >managers. I don't have any complaint about the (unpaid) work of the core >team in attempting to patch them as they arise. What /would/ be tiresome >would be the widespread dissemination of exploits to make a (malicious?) point. > >Highly skilled hackers will probably always be able to get into systems, >this is also a fact of life. Telling (the much larger number) of less >skilled/inquisitive users exactly how to get a # seems to me to be >monstrously unhelpful. Unskilled hackers with root access are much more >likely to do considerable damage by mistake than a passing wizard "bagging" >your system or surreptitiously stealing CPU/disk space. > >If these correspondents have a personal beef with members of the FreeBSD >core team would they please conduct it with private email. > >Thanks. > >Robin Melville >-------------------------------------------------------- >Robin Melville, Addiction & Forensic Information Service >Nottingham Alcohol & Drug Team (Extn. 49178) >Vox: +44 (0)115 952 9478 Fax: +44 (0)115 952 9421 >Email: robmel@nadt.org.uk >WWW: http://www.innotts.co.uk/nadt/ >--------------------------------------------------------- > ---- Stephen F. Combs Internet: CombsSF@Salem.GE.COM GE Industrial Systems Voice: 540.387.8828 Network Services Home: CombsSF-Home@Salem.GE.COM 1501 Roanoke Blvd FAX: 540.387.7106 Salem, VA 24153 LapTop: CombsSF-Mobile@Salem.GE.COM