From owner-freebsd-stable  Thu Apr 12  8: 5:12 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from www.stomped.com (stomped.com [216.17.56.5])
	by hub.freebsd.org (Postfix) with SMTP id 2148237B424
	for <freebsd-stable@freebsd.org>; Thu, 12 Apr 2001 08:05:10 -0700 (PDT)
	(envelope-from malhavoc@www.stomped.com)
Received: (qmail 48763 invoked by uid 1041); 12 Apr 2001 15:05:09 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 12 Apr 2001 15:05:09 -0000
Date: Thu, 12 Apr 2001 10:05:09 -0500 (CDT)
From: Jason Nugent <malhavoc@www.stomped.com>
To: <freebsd-stable@freebsd.org>
Subject: a word of appreciation
Message-ID: <Pine.BSF.4.33.0104121002110.48281-100000@www.stomped.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Folks,

I'm not sure how much you get of this, but I just wanted to say thanks to
all of you working on the freebsd project.  You do fine work.  I'm not
sure how often you get to hear that, so I'm going to say it now.

I just finished a routine upgrade of my FreeBSD 4.1.1-RELEASE machine to
4.3-RC, in order to make sure that the circulated ftp glob() vulnerability
wouldn't affect my system.

I'm curious, though, if the lib-paranoia library in the ports collection
would have prevented the exploit from happening in the first place.  Has
anyone experimented with this?

Jason
----------------------
Jason Nugent
Aka MalHavoc
Server Programmer and Administrator

S  T  O  M  P  E  D  .  C  O  M

For PGP public key:  http://malhavoc.stomped.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message