Date: Tue, 29 Apr 2025 12:57:07 +0000 (UTC) From: dudley innocent <dudleyi@yahoo.com> To: =?UTF-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@freebsd.org>, Greg 'groggy' Lehey <grog@freebsd.org> Cc: "freebsd-questions@FreeBSD.org" <freebsd-questions@freebsd.org> Subject: Re: Is FreeBSD insecure? Message-ID: <1862928411.203579.1745931427086@mail.yahoo.com> In-Reply-To: <aBAQql62xkYTpucv@hydra.lemis.com> References: <MW4PR15MB5160CDBA9415E8712BD72842C9862@MW4PR15MB5160.namprd15.prod.outlook.com> <aA8n__R77NZsmR43@hydra.lemis.com> <86msc0uwi3.fsf@ltc.des.dev> <aBAQql62xkYTpucv@hydra.lemis.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
Expletive filtering would have been nice right about now...
S/Dudley
On Tuesday, April 29, 2025 at 08:35:54 AM GMT+9, Greg 'groggy' Lehey <grog@freebsd.org> wrote:
On Monday, 28 April 2025 at 17:38:28 +0200, Dag-Erling Smørgrav wrote:
> [op not cc:ed because they're obviously a troll]
>
> Greg 'groggy' Lehey <grog@freebsd.org> writes:
>> Security is an important issue nowadays, and no operating system is
>> perfect. The FreeBSD project does everything possible to maintain its
>> good reputation, though so far I haven't seen anything that indicates
>> that the breach was the result of a FreeBSD bug. Was it maybe a third
>> party application, or incorrect configuration?
>
> It was allegedly an RCE in a long-unsupported version of
> Ghostscript, so not FreeBSD's fault at all.
Yes, I've since heard that too. See
https://www.theregister.com/2025/04/15/4chan_breached/, though it only
mentions out-of-date PHP and MySQL. That would have happened with any
operating system. But it's good to bring these details out into the
open.
Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
Sent from my desktop computer.
See complete headers for address and phone numbers.
This message is digitally signed. If your Microsoft mail program
reports problems, please read http://lemis.com/broken-MUA.php
[-- Attachment #2 --]
<html><head></head><body><div class="ydp26f21c0byahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr" data-setdir="false">Expletive filtering would have been nice right about now...</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">S/Dudley</div><div><br></div>
<div id="ydp26f21c0byahoo_quoted_6030032308" class="ydp26f21c0byahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;">
<div>
On Tuesday, April 29, 2025 at 08:35:54 AM GMT+9, Greg 'groggy' Lehey <grog@freebsd.org> wrote:
</div>
<div><br></div>
<div><br></div>
<div>On Monday, 28 April 2025 at 17:38:28 +0200, Dag-Erling Smørgrav wrote:<br>> [op not cc:ed because they're obviously a troll]<br>><br>> Greg 'groggy' Lehey <<a href="mailto:grog@freebsd.org" rel="nofollow" target="_blank">grog@freebsd.org</a>> writes:<br>>> Security is an important issue nowadays, and no operating system is<br>>> perfect. The FreeBSD project does everything possible to maintain its<br>>> good reputation, though so far I haven't seen anything that indicates<br>>> that the breach was the result of a FreeBSD bug. Was it maybe a third<br>>> party application, or incorrect configuration?<br>><br>> It was allegedly an RCE in a long-unsupported version of<br>> Ghostscript, so not FreeBSD's fault at all.<br><br>Yes, I've since heard that too. See<br>https://www.theregister.com/2025/04/15/4chan_breached/, though it only<br>mentions out-of-date PHP and MySQL. That would have happened with any<br>operating system. But it's good to bring these details out into the<br>open.<br><br>Greg<br>--<br>When replying to this message, please copy the original recipients.<br>If you don't, I may ignore the reply or reply to the original recipients.<br>For more information, see <a href="http://www.lemis.com/questions.html" rel="nofollow" target="_blank">http://www.lemis.com/questions.html</a><br>Sent from my desktop computer.<br>See complete headers for address and phone numbers.<br>This message is digitally signed. If your Microsoft mail program<br>reports problems, please read <a href="http://lemis.com/broken-MUA.php" rel="nofollow" target="_blank">http://lemis.com/broken-MUA.php</a><br></div>;
</div>
</div></div></body></html>
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1862928411.203579.1745931427086>