Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 03 Oct 1998 10:48:09 -0700
From:      "Jordan K. Hubbard" <jkh@time.cdrom.com>
To:        Brett Glass <brett@lariat.org>
Cc:        CyberPsychotic <fygrave@freenet.bishkek.su>, Mike Smith <mike@smith.net.au>, Frank Pawlak <fpawlak@execpc.com>, Open Systems Networking <opsys@mail.webspan.net>, freebsd-chat@FreeBSD.ORG
Subject:   Re: Status Report on 2.2.6 Giveaway CD's 
Message-ID:  <13859.907436889@time.cdrom.com>
In-Reply-To: Your message of "Sat, 03 Oct 1998 11:00:59 MDT." <4.1.19981003105957.0420ea30@mail.lariat.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
> I was debating asking for some of the 2.2.6 giveaway CDs, but opted
> not to do so. Why? Because that release had some security problems
> that could actually sour some folks on FreeBSD. We were rooted as
> a result of one of them.

Oh god, I was going to jump out of this silly thread now but that
idiotic statement above just can't be allowed to stand unchallenged.

As has already been widely discussed in this very mailing list, Brett
was rooted due to his own incompetence and not some bug in "FreeBSD",
the bug in question not even being a part of the core distribution but
in an external package called popper.  For what it's worth, just about
every other OS using this version of popper (which was basically
everybody) was equally vulnerable and to specifically blame FreeBSD
for this is as unfair as it is inaccurate.  Brett's own incompetence
ain this affair is incontravertable since it subsequently transpired
that he left NO admin in charge during his absence (which for any box
left 24/7 on the internet is just begging for trouble) nor did he
bother to check BUGTRAK or rootshell.com or any of the other
well-known sites for exploits when he came back.  He was, in effect,
rooted by a bug that just about everyone and his dog had closed some
2-3 weeks previously and then had the gall to come onto these mailing
lists and flame everyone and anyone to toast for allowing him to walk
into an open manhole.  I think we spent about 2 weeks on that flame
fest and then, as now, the final verdict seemed to be that Brett was
purely of a jerk for blaming everyone else for his administrative
shortcomings.  We certainly didn't get anywhere near the same amount
of grief from anyone *else* about the popper bug and most admins
seemed to understand that it was part of their responsibility as
admins to keep an eye on things or appoint someone else to do it while
on vacation.  Failure to do that only leaves you open to whatever
root-du-jour happens to be going around and, though we certainly have
far less such incidents than many of our sister OSes, is still very
much a part of an admin's responsibility to keep up on what's
happening.

Brett, through inaction and poor advance planning, failed to do so and
lost a foot as a consequence.  I ordinarily would also cut anyone a
fair bit of slack over such failings since we're all human and such,
but Brett then compounded his error by wasting everyone's time for the
next couple of weeks with pointless argument about how FreeBSD should
have somehow Not Been Vulnerable to any form of security bug and we
should also stop writing in C right away because it was a poor
language from a security POV.  Excuse me?  That's considered
productive debate and not just "being in denial" about one's own
shortcomings as an administrator?  I don't think so.  Brett may be
right about some things, but in so many others it's like his head was
screwed on against the thread or something.  We just cannot figure
this guy out!

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13859.907436889>