Date: Mon, 16 Dec 1996 09:14:25 -0600
From: Richard Wackerbarth <rkw@dataplex.net>
To: Joakim Rastberg <jor@xinit.se>
Cc: security@FreeBSD.ORG
Subject: Re: crontab security hole exploit
Message-ID: <l03010d00aedb15f6a17f@[208.2.87.4]>
In-Reply-To: <Pine.GSO.3.95.961216154913.7742B-100000@lich>
References: <l03010d02aedafca2ae0c@[208.2.87.4]>

jor@xinit.se writes:
>I would rather like the exploits be posted as they can be used
>to leverage the "management" to pay attention (background: I am working as
>a contractor to run some unix-boxes and although I whine about the low
>security *nothing* happens until I can show I get a #, then someone
>perhaps pulls the plug and pays for a more secure installation. My point
>being is that many companies, at least the ones I work for, IGNORE holes
>until someone has shown them the exploit)

An interesting perspective.

My attitude is that it is better to have obscurity than having the exploit
readily available to a wide audience. I realize that the truly good crackers
can figure it out for themselves. But there are many "children" who will try
something when it is handed to them.

IMHO, we should at least give the upper hand to the sysops and, if possible,
provide the fix before the attack becomes widespread.