Date: Sat, 19 Oct 1996 09:01:32 +0200 From: Poul-Henning Kamp <phk@critter.tfs.com> To: dyson@freebsd.org Cc: downsj@teeny.org (Jason Downs), ache@nagual.ru, dg@Root.COM, gritton@byu.edu, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org, misc@openbsd.org Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c Message-ID: <9491.845708492@critter.tfs.com> In-Reply-To: Your message of "Sat, 19 Oct 1996 01:26:31 CDT." <199610190626.BAA02729@dyson.iquest.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <199610190626.BAA02729@dyson.iquest.net>, "John S. Dyson" writes: >> >> Ah, yes. I've been watching this thread with some amount of amusement, as >> have other OpenBSD developers. >> >> Yes, please back it out. I would rather have OpenBSD remain the most secure >> version of UNIX that money can't buy. >> > >Additionally, that "fix" was simply the wrong thing to do, and there are >better ways to deal with the problem. If the zeroing the buffer in db >was typical of the ways that others are "fixing" security, well... Sad... :-( >. "Have foot, will shoot" was what I read it as :-) -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9491.845708492>