Date: Wed, 26 Jun 2002 13:11:03 -0400
From: Garance A Drosihn
To: "David G . Andersen", Brett Glass
Cc: Attila Nagy, freebsd-security@FreeBSD.ORG
Subject: Re: The "race" that Theo sought to avoid has begun (Was: OpenSSH Advisory)

At 11:04 AM -0600 6/26/02, David G . Andersen wrote:
> bullshit. there's a one line workaround for this bug.

For you, it's a one-line workaround. That workaround is not available to everyone. The problem is there was no way to give you the information that would have been helpful to you, without also giving "helpful" information to people who might want to break into other people's machines.

This wasn't a fun experience for anyone, but I'm not sure how to deal with such remote-hole exploits in a painless way.

But mainly, could we not argue this on the freebsd-security mailing list? You're just adding "chat noise" to a list which was intended to be low-volume and high-info. Please? Everyone?

--
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu