From owner-freebsd-current Fri Aug 9 13:27:55 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA02664 for current-outgoing; Fri, 9 Aug 1996 13:27:55 -0700 (PDT)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id NAA02637 for ; Fri, 9 Aug 1996 13:27:50 -0700 (PDT)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by who.cdrom.com (8.7.5/8.6.11) with SMTP id LAA00455 for ; Fri, 9 Aug 1996 11:06:04 -0700 (PDT)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id LAA19122; Fri, 9 Aug 1996 11:00:59 -0700
From: Terry Lambert
Message-Id: <199608091800.LAA19122@phaeton.artisoft.com>
Subject: Re: exploitable security risk
To: roberto@keltia.freenix.fr (Ollivier Robert)
Date: Fri, 9 Aug 1996 11:00:58 -0700 (MST)
Cc: freebsd-current@freebsd.org
In-Reply-To: <199608090454.GAA00939@keltia.freenix.fr> from "Ollivier Robert" at Aug 9, 96 06:54:43 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> > You might want to look at the OpenBSD CVS tree. They have been fixing
> > a whole boatload of "oflow" cases in the BSD sources. I don't know if
> > all of them are exploitable security holes or not, but they are likely
> > bugs and should likely be looked at.
>
> It is a pity Theo doesn't want to talk about precisely what he fixed. One
> has to go digging in the CVS tree to find the fixes...

With respect, it is my impression that talking about (and being put in
the position of having to justify) the patches would seriously detract
from the amount of time he could spend on forward progress.

I'm sure it has been tempting for many of us to come out with something
like "OllivierBSD" or "TerryBSD" for similar reasons. OpenBSD seems to
have a sufficient critical mass of people that they can hack enough code
that they wouldn't fall behind by actually going off on their own.

I think this is one of several obvious (and unvoiced) reasons for the
split. The blame is given to the events which are reactions to the
frustrations; the causes of the frustrations were/are never discussed.

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.