Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 06 Feb 1997 10:49:00 -0500 (EST)
From:      "Stephen F. Combs" <CombsSF@Salem.GE.COM>
To:        Robin Melville <robmel@nadt.org.uk>
Cc:        security@freefall.freebsd.org
Subject:   Re: security-digest V3 #12
Message-ID:  <XFMail.970206105125.CombsSF@Salem.GE.COM>
In-Reply-To: <199702061222.MAA06912@charlie.nadt.org.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
Hear, Hear!  I've been using FreeBSD since the first available pre-release
snapshot and I've NO PROBLEMS with the core developers!  Jordan and the core
team have been EXTREEMLY responsive to problems/security holes/etc.....
Anything thought of by man can be circumvented by man!(don't remember WHO 
was the originator of that but 'TIS TRUE!).

Guys (and gals, if there are any) KEEP UP THE GOOD WORK!

On 06-Feb-97 Robin Melville wrote:
>As a careful follower of the security digest I feel moved to add a
>pennyworth of complaint.
>
>I'm getting very tired of wading through the arrogant, hypercritical screeds
>posted by some correspondents. 
>
>Any user of FreeBSD must be aware that it's an exeptional piece of work
>provided by volunteers who work their butts off. Our organisation is
>particularly grateful to them since it enables us to provide clinical IT
>which we couldn't possibly afford to do if the only option was commercial
>Unices/Novell/NT. 
>
>The setlocale() security hole is unfortunate, but I'm sure not unexeptional
>in the context of any huge project written in C. Now it's known about and is
>being/has been fixed. There will be others.
>
>Security holes are a problem but also a fact of life for all system
>managers. I don't have any complaint about the (unpaid) work of the core
>team in attempting to patch them as they arise. What /would/ be tiresome
>would be the widespread dissemination of exploits to make a (malicious?) point.
 
>
>Highly skilled hackers will probably always be able to get into systems,
>this is also a fact of life. Telling (the much larger number) of less
>skilled/inquisitive users exactly how to get a # seems to me to be
>monstrously unhelpful. Unskilled hackers with root access are much more
>likely to do considerable damage by mistake than a passing wizard "bagging"
>your system or surreptitiously stealing CPU/disk space.
>
>If these correspondents have a personal beef with members of the FreeBSD
>core team would they please conduct it with private email.
>
>Thanks.
>
>Robin Melville
>--------------------------------------------------------
>Robin Melville, Addiction & Forensic Information Service
>Nottingham Alcohol & Drug Team (Extn. 49178)
>Vox: +44 (0)115 952 9478  Fax: +44 (0)115 952 9421 
>Email: robmel@nadt.org.uk
>WWW:   http://www.innotts.co.uk/nadt/
>---------------------------------------------------------
>

----
Stephen F. Combs                 Internet:      CombsSF@Salem.GE.COM
GE Industrial Systems            Voice:         540.387.8828
Network Services                 Home:          CombsSF-Home@Salem.GE.COM
1501 Roanoke Blvd                FAX:           540.387.7106
Salem, VA  24153                 LapTop:        CombsSF-Mobile@Salem.GE.COM 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.970206105125.CombsSF>