Date:      Wed, 4 Sep 1996 15:46:50 -0600 (MDT)
From:      Nate Williams <nate@mt.sri.com>
To:        Theo de Raadt <deraadt@theos.com>
Cc:        Nate Williams <nate@mt.sri.com>, chat@freebsd.org
Subject:   Re: FreeBSD vs. Linux 96 (my impressions) - Reply 
Message-ID:  <199609042146.PAA02647@rocky.mt.sri.com>
In-Reply-To: <9609042136.AA12381@theos.com>
References:  <199609042116.PAA02488@rocky.mt.sri.com> <9609042136.AA12381@theos.com>

> ...I haven't earned your trust.  Ignore my fixes, they are not
> worthwhile.

Cool, can I add this to my .signature?

"Ignore my fixes, they are not worthwhile." - deraaadt@theos.com

I've been meaning to update it. :)

> So, now, remember the XXXXXX trace file bug FreeBSD recently fixed by
> replacing it with a version from XXXX at XXX?  There you go: Hey
> everyone, most of you are running a XXXXX that can be used to append
> garbage to any file in your system.  As many attacks as you want, just
> keep enabling and disabling it with a different file.  Nate, there's
> your damn full disclosure.  You feel better now, knowing that 40
> people just got fried?

I doubt even *one* person will get fried for that.

> > Integrating the VM is a lot more difficult than sending an email message
> > stating that the VM system is buggy.
> 
> Integrating the security fixes is a lot more difficult than sending an
> email message stating that the security system is buggy.

I didn't state I wanted your fix, just a pointer to where they might be so
*I* (or others) could go look them up.  If you're worried about
disclosure send them to CERT.  But, if *YOU* can find them then so can
joe hacker, and he's going to get into the BSD systems that are so
insecure.  By disclosing them you at least put him on the same footing
as the hackers.  If it means he has to disable potentially helpful code,
then so be it.  It's better than losing years' worth of work.



Nate


