Date: Fri, 17 May 1996 10:21:57 -0600 (MDT) From: kduling@natasha.scccc.com (Kevin J. Duling) To: owner-freebsd-security@freefall.freebsd.org (Vladimir Jojic) Cc: freebsd-security@freebsd.org Subject: Re: very bad Message-ID: <199605171621.KAA15772@natasha.scccc.com> In-Reply-To: <199605171009.MAA00475@EUnet.yu> from "Vladimir Jojic" at May 17, 96 12:09:30 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi, > > What IS very bad about this whole thing, isn't existance of this bug, > as much as how easliy information about it can be obtained. Even if > you do send patch along with info, there is still danger that someone, > gets up earlier than root, and then ... (sweat dreams, root!) What might be a better solution is to announce that "There is a problem" then provide the fix...but don't illustrate the problem. That way everyone is immediately notified of the problem and a fix for it, but you don't have a list of instructions for how to crack in. Personally, I prefer having the instructions, but it's not a good idea... -- Kevin J. Duling /\/^\^/^\^\/\ SCC Communications Corp. kduling@scc911.com Boulder, Colorado (303) 581-5769
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605171621.KAA15772>