Date: Fri, 9 Aug 1996 11:00:58 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: roberto@keltia.freenix.fr (Ollivier Robert) Cc: freebsd-current@freebsd.org Subject: Re: exploitable security risk Message-ID: <199608091800.LAA19122@phaeton.artisoft.com> In-Reply-To: <199608090454.GAA00939@keltia.freenix.fr> from "Ollivier Robert" at Aug 9, 96 06:54:43 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > You might want to look at the OpenBSD CVS tree. They have been fixing > > a whole boatload of "oflow" cases in the BSD sources. I don't know if > > all of them are exploitable security holes or not, but they are likely > > bugs and should likely be looked at. > > It is a pity Theo doesn't want to talk about precisely what he fixed. ONe > has to go digging in the CVS tree to find the fixes... With respect, it is my impression that talking about (and being put in the position of having to justify) the patches would seriously detract from the amount of time he could spend on forward progress. I'm sure it has been tempting for many of us to come out with something like "OllivierBSD" or "TerryBSD" for similar reasons. OpenBSD seems to have a sufficient critical mass of people that they can hack enough code that they wouldn't fall behind by actually going off on their own. I think this is one of several obvious (and unvoiced) reasons for the split. The blame is given to the events which are reactions to the frustrations; the causes of the frustrations were/are never discussed. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608091800.LAA19122>