Date: Thu, 14 Aug 2003 12:46:04 -0600 From: Brett Glass <brett@lariat.org> To: Kris Kennaway <kris@obsecurity.org> Cc: freebsd-crap@FreeBSD.org Subject: Re: All "GNU" software potentially Trojaned Message-ID: <4.3.2.7.2.20030814124234.02a08540@localhost> In-Reply-To: <20030814074336.GA58098@rot13.obsecurity.org> References: <200308140525.XAA02934@lariat.org> <200308140525.XAA02934@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:43 AM 8/14/2003, Kris Kennaway wrote: >On Wed, Aug 13, 2003 at 11:25:04PM -0600, Brett Glass wrote: >> CERT Advisory CA-2003-21 GNU Project FTP Server Compromise > >This never would have happened if they had used the BSDL! Not true, of course. But on the other hand, the fact that FreeBSD uses their code means that it may have integrated Trojaned source. Another reason to avoid using code from a group that's not only unethical and malicious but also careless about security. Kris, as a member of FreeBSD's security team I hope you're checking to make sure that Trojaned code was not included. (The most effective way would, of course, be to remove the GNU code from FreeBSD, but while I'd like to see that done it's probably too much to hope for.) --Brett Glass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20030814124234.02a08540>