From owner-freebsd-security Tue Oct 3 23:18:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.flexabit.net (ns1.flexabit.net [64.198.230.130]) by hub.freebsd.org (Postfix) with ESMTP id AFEB137B503 for ; Tue, 3 Oct 2000 23:18:23 -0700 (PDT) Received: from LIQUID.uiuc.edu (wakeland-103.flexabit.net [64.198.239.103]) by ns1.flexabit.net (Postfix) with ESMTP id B937AFA99; Wed, 4 Oct 2000 01:18:17 -0500 (CDT) Message-Id: <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> X-Sender: yardley@students.uiuc.edu X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 04 Oct 2000 01:18:25 -0500 To: Mike Silbersack From: Tim Yardley Subject: Re: Fwd: BSD chpass Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I would just like to point out that it was posted to bugtraq because the original work in progress exploit was leaked. Venders are always notified once you have something that works, and caddis is not in exception to this rule. The leak caused this bug to be posted before it was meant to be. If you do notice, obsd posted an advisory right after, which does show that at least some people were in the "know". /tmy At 12:24 AM 10/4/2000, Mike Silbersack wrote: >Looks like the guy didn't want to talk to vendors before posting. > >Mike "Silby" Silbersack -- Diving into infinity my consciousness expands in inverse proportion to my distance from singularity +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+ | Tim Yardley (yardley@uiuc.edu) | http://www.students.uiuc.edu/~yardley/ +-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message