Date: Fri, 17 May 1996 14:46:28 -0400 (EDT) From: Scanner SOD <scanner@webspan.net> To: Vladimir Jojic <vjojic@EUnet.yu> Cc: freebsd-security@freebsd.org Subject: Re: very bad Message-ID: <Pine.BSF.3.91.960517144047.17748A-100000@orion.webspan.net> In-Reply-To: <199605171009.MAA00475@EUnet.yu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 May 1996, Vladimir Jojic wrote: > > Hi, > > What IS very bad about this whole thing, isn't existance of this bug, > as much as how easliy information about it can be obtained. Even if > you do send patch along with info, there is still danger that someone, > gets up earlier than root, and then ... (sweat dreams, root!) > > I am not very familiar with mailing list programs, but there is posible > improvment (if it isn't yet done): > > - add special class of mailing list, such as security list > > - when user wants to be added to this list, program checks > if his root (of system from which mail came) is on the > list: > 1. yes, inform root (or address he left), about > that user (even ask if he allows him to join > this list, this is a bit fascist, but that's > security) > 2. not, inform root about existence of this list > ask him if he wants to join (where to send him > mail, how much to *delay* info on bugs to users > on his system, or not even allow them to join > (hey, maybe system is crackers nest)) > if not, ask him should the user be allowed to > join list I have to agree. Myself and others on the FreeBSD Net. (http://www.bsdnet.org) Have recently become very concerned about the policies of the propogation and lack thereof, of security information on FreeBSD. Im not blaming anyone I acknowledge just how many hours there are in a day for the everyone. But we fear that as FreeBSD becomes a more appealing route to take for a lot of ISP's, companies, etc.. That we are going to wind up taking the same policies. See no evil hear no evil. I have complete faith that BSD is one of the most secure unicies out there, But when a "feature" :) like the mount_union pops up it makes one wonder what is wrong with that picture. I would like to volunteer to help out in any way to see that something along the lines of vladimir's suggestions are carried out. I think we need a fast, safe way to bring admins the information that is critical. -- ===================================| Webspan Inc., ISP Division. FreeBSD 2.1.0 is available now! | Phone: 908-367-8030 ext. 126 -----------------------------------| 500 West Kennedy Blvd., Lakewood, NJ-08701 Turning PCs into Workstations | E-Mail: scanner@webspan.net ===================================| SysAdmin / Network Engineer / Consultant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960517144047.17748A-100000>