From owner-freebsd-chat Sat Oct 3 11:01:58 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA03406 for freebsd-chat-outgoing; Sat, 3 Oct 1998 11:01:58 -0700 (PDT) (envelope-from owner-freebsd-chat@FreeBSD.ORG)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA03401 for ; Sat, 3 Oct 1998 11:01:57 -0700 (PDT) (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.8/8.8.8) with ESMTP id KAA13863; Sat, 3 Oct 1998 10:48:09 -0700 (PDT) (envelope-from jkh@time.cdrom.com)
To: Brett Glass
cc: CyberPsychotic, Mike Smith, Frank Pawlak, Open Systems Networking, freebsd-chat@FreeBSD.ORG
Subject: Re: Status Report on 2.2.6 Giveaway CD's
In-reply-to: Your message of "Sat, 03 Oct 1998 11:00:59 MDT." <4.1.19981003105957.0420ea30@mail.lariat.org>
Date: Sat, 03 Oct 1998 10:48:09 -0700
Message-ID: <13859.907436889@time.cdrom.com>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I was debating asking for some of the 2.2.6 giveaway CDs, but opted
> not to do so. Why? Because that release had some security problems
> that could actually sour some folks on FreeBSD. We were rooted as
> a result of one of them.

Oh god, I was going to jump out of this silly thread now but that idiotic statement above just can't be allowed to stand unchallenged.

As has already been widely discussed in this very mailing list, Brett was rooted due to his own incompetence and not some bug in "FreeBSD", the bug in question not even being a part of the core distribution but in an external package called popper. For what it's worth, just about every other OS using this version of popper (which was basically everybody) was equally vulnerable and to specifically blame FreeBSD for this is as unfair as it is inaccurate.

Brett's own incompetence in this affair is incontrovertible since it subsequently transpired that he left NO admin in charge during his absence (which for any box left 24/7 on the internet is just begging for trouble) nor did he bother to check BUGTRAQ or rootshell.com or any of the other well-known sites for exploits when he came back. He was, in effect, rooted by a bug that just about everyone and his dog had closed some 2-3 weeks previously and then had the gall to come onto these mailing lists and flame everyone and anyone to toast for allowing him to walk into an open manhole.

I think we spent about 2 weeks on that flame fest and then, as now, the final verdict seemed to be that Brett was purely of a jerk for blaming everyone else for his administrative shortcomings. We certainly didn't get anywhere near the same amount of grief from anyone *else* about the popper bug and most admins seemed to understand that it was part of their responsibility as admins to keep an eye on things or appoint someone else to do it while on vacation. Failure to do that only leaves you open to whatever root-du-jour happens to be going around and, though we certainly have far fewer such incidents than many of our sister OSes, is still very much a part of an admin's responsibility to keep up on what's happening. Brett, through inaction and poor advance planning, failed to do so and lost a foot as a consequence.

I ordinarily would also cut anyone a fair bit of slack over such failings since we're all human and such, but Brett then compounded his error by wasting everyone's time for the next couple of weeks with pointless argument about how FreeBSD should have somehow Not Been Vulnerable to any form of security bug and we should also stop writing in C right away because it was a poor language from a security POV. Excuse me? That's considered productive debate and not just "being in denial" about one's own shortcomings as an administrator? I don't think so.

Brett may be right about some things, but in so many others it's like his head was screwed on against the thread or something. We just cannot figure this guy out!

- Jordan