From owner-freebsd-security Fri May 17 09:35:13 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA29528 for security-outgoing; Fri, 17 May 1996 09:35:13 -0700 (PDT) Received: from mail6 (root@mail6.netcom.com [192.100.81.142]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id JAA29519; Fri, 17 May 1996 09:35:10 -0700 (PDT) Received: from boris.scccc.com ([198.243.16.202]) by mail6 (8.6.13/Netcom) id JAA05795; Fri, 17 May 1996 09:35:08 -0700 Received: by boris.scccc.com (940816.SGI.8.6.9/940406.SGI) id KAA10797; Fri, 17 May 1996 10:31:18 -0600 Received: from natasha.scccc.com(198.243.16.198) by boris.scccc.com via smap (V1.3) id sma010795; Fri May 17 10:31:16 1996 Received: by natasha.scccc.com (940816.SGI.8.6.9/940406.SGI) id KAA15772; Fri, 17 May 1996 10:21:57 -0600 From: kduling@natasha.scccc.com (Kevin J. Duling) Message-Id: <199605171621.KAA15772@natasha.scccc.com> Subject: Re: very bad To: owner-freebsd-security@freefall.freebsd.org (Vladimir Jojic) Date: Fri, 17 May 1996 10:21:57 -0600 (MDT) Cc: freebsd-security@freebsd.org In-Reply-To: <199605171009.MAA00475@EUnet.yu> from "Vladimir Jojic" at May 17, 96 12:09:30 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Hi, > > What IS very bad about this whole thing, isn't existance of this bug, > as much as how easliy information about it can be obtained. Even if > you do send patch along with info, there is still danger that someone, > gets up earlier than root, and then ... (sweat dreams, root!) What might be a better solution is to announce that "There is a problem" then provide the fix...but don't illustrate the problem. That way everyone is immediately notified of the problem and a fix for it, but you don't have a list of instructions for how to crack in. Personally, I prefer having the instructions, but it's not a good idea... -- Kevin J. Duling /\/^\^/^\^\/\ SCC Communications Corp. kduling@scc911.com Boulder, Colorado (303) 581-5769