From owner-freebsd-current Wed Feb 5 15:37:23 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA23303 for current-outgoing; Wed, 5 Feb 1997 15:37:23 -0800 (PST)
Received: from seabass.progroup.com (catfish.progroup.com [206.24.122.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA23278 for ; Wed, 5 Feb 1997 15:37:19 -0800 (PST)
Received: from seabass.progroup.com (seabass.progroup.com [206.24.122.1]) by seabass.progroup.com (8.7.5/8.7.3) with SMTP id PAA29495; Wed, 5 Feb 1997 15:36:21 -0800 (PST)
Message-ID: <32F91975.59E2B600@progroup.com>
Date: Wed, 05 Feb 1997 15:36:21 -0800
From: Craig Shaver
Organization: Productivity Group, Inc.
X-Mailer: Mozilla 3.01 (X11; I; FreeBSD 2.1.5-RELEASE i386)
MIME-Version: 1.0
To: "Jordan K. Hubbard"
CC: current@freebsd.org
Subject: Re: Karl fulminates, film at 11. == thanks
References: <23444.855180857@time.cdrom.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Jordan K. Hubbard wrote:
>
> > Just wanted to drop you a note to thank you for kicking the freebsd core
> > team in the butt for security concerns. I am not sure your suggestions
>
> Oh dear, yet another person who seems to think that the best way of
> getting someone to do you a favor is to force burning splinters under
> their fingernails.

You are right, and I am sorry for the harsh wording.

>
> Nobody is ignoring anything here, and no one on the core team fails to
> take security seriously. We were given very *little* opportunity to
> respond on this one, and despite what others have claimed, there was
> no long-term awareness of this problem or conspiracy of silence.

Ok, good ...

>
> > I have to admit, when I saw that crt.o had a security hole I was ready
> > to dump freebsd and head straight for the nearest linux cd. I imagine
>
> I have been chastised in the past for saying "fine, go!" so I will not
> take that tack here, but I will say that heading straight for the
> nearest linux CD is also hardly likely to save you and you're more
> than welcome to try it if you feel otherwise.

You are quite right, and I should have put a :) at the end of that sentence. I have tried Linux in the past and been displeased with the bugs I found in standard libs and utilities. I have also had problems with the x86 version of Solaris 2.4. I switched my own server from Solaris to FreeBSD for more stability. I don't really want to switch to Linux now.

>
> The people here are working very hard and they are NOT paid for all
> the extra hassle that this kind of security scare engenders (most are
> not paid to deal with ANY FreeBSD related hassles). To heap abuse and
> scorn on them for something they have given you for free strikes me as
> both ungrateful and petty, and I hope to see a lot less of it in the
> future or what joy I and others continue to derive from this project
> will evaporate and you and others will have killed the golden goose
> for its failure to lay eggs fast enough to your liking.
>
> Jordan

Sorry. I will try to think before posting in the future.

I would like to help with some of this if possible. I could put in a few hours to go through some of the code. I think I understand what the problems are regarding buffer overflows. However, like many people I have no idea of where to start, who is doing what, or who to talk to. I did not find anything on the www site that would explain how to contribute time. And the mail I have seen regarding this has been pretty vague. I certainly wouldn't want to waste my time with something that is already being worked on, or is not needed.

--
Craig Shaver (craig@progroup.com) (415)390-0654
Productivity Group POB 60458 Sunnyvale, CA 94088