From: "Jordan K. Hubbard"
To: Brett Glass
cc: ben@rosengart.com, Jim Shankland, ahd@kew.com, leec@adam.adonai.net, security@FreeBSD.ORG
Subject: Re: hacked and don't know why
In-reply-to: Your message of "Wed, 22 Jul 1998 08:53:47 MDT." <199807221453.IAA03997@lariat.lariat.org>
Date: Wed, 22 Jul 1998 09:23:17 -0700
Message-ID: <14690.901124597@time.cdrom.com>

> In that case, we have an as-yet-diagnosed bug in the system. We
> really experienced disk corruption -- especially of directories --
> during the QPopper buffer overflow hack. Files got the wrong

But you have no idea as to whether or not this was directly due to the
attack or to the hacker's subsequent parading around as root. You
admitted yourself that you were several thousand miles away at the time
and didn't find out until your return - it could have been anything and
these conclusions you're reaching are simply bad science.

> It's a good argument for stack protection.

No it's not. It's just an argument which I thought we agreed to end by
now. :)

- Jordan