From owner-freebsd-security  Mon Apr 19 11:18:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from weathership.homeport.org (weathership.homeport.org [207.31.235.99])
	by hub.freebsd.org (Postfix) with ESMTP id 94CAF14C34
	for <security@FreeBSD.ORG>; Mon, 19 Apr 1999 11:18:12 -0700 (PDT)
	(envelope-from adam@weathership.homeport.org)
Received: (from adam@localhost)
	by weathership.homeport.org (8.8.8/8.8.5) id OAA18048;
	Mon, 19 Apr 1999 14:40:59 -0400 (EDT)
Date: Mon, 19 Apr 1999 14:40:59 -0400
From: Adam Shostack <adam@homeport.org>
To: Chris <freebsd@hiway1.exit109.com>
Cc: Paul Hart <hart@iserver.com>, security@FreeBSD.ORG
Subject: Re: poink and freebsd
Message-ID: <19990419144059.A17993@weathership.homeport.org>
References: <Pine.BSF.3.96.990419115152.253A-100000@anchovy.orem.iserver.com> <Pine.BSF.3.96.990419135740.20749D-100000@hiway1.exit109.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <Pine.BSF.3.96.990419135740.20749D-100000@hiway1.exit109.com>; from Chris on Mon, Apr 19, 1999 at 01:58:23PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

While full-dscoluse flame wars are fun, and I'd hate to distract
people from that, I am curious if anyone has verified FreeBSD's
vulnerability (or lack thereof) to this?  All my boxes are in
production use, and I don't have crashable targets to test right now.

It would be nice to see a statement from someone who knows about the
status of -CURRENT, -RELEASE, and if we've invulnerable, if any of
the relevant code has been changed in the memorable past.

Adam

On Mon, Apr 19, 1999 at 01:58:23PM -0400, Chris wrote:
| last time i saw someone post the source to a recent exploit to this list,
| you all attacked him, told him he was "stupid" for posting the source to a
| public forum such as this...
| 
| so i guess, your damned if you do and your damned if you dont? is that the
| way it works?
| 
| -Chris
| 
| On Mon, 19 Apr 1999, Paul Hart wrote:
| 
| > On Mon, 19 Apr 1999, Chris wrote:
| > 
| > > id rather not post the source to the list, since this is how exploits
| > > get distributed, and bad things occur. 
| > 
| > Well, so much for the full-disclosure so many of us value.  Is this the
| > same "poink" that was recently posted to Bugtraq?
| > 
| >     http://geek-girl.com/bugtraq/1999_2/0125.html
| > 
| > Without more of a description, how are any of us to know?
| > 
| > Paul Hart
| > 
| > --
| > Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
| > hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/
| > 
| 
| 
| 
| To Unsubscribe: send mail to majordomo@FreeBSD.org
| with "unsubscribe freebsd-security" in the body of the message

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message