From owner-freebsd-current Tue Feb 4 15:43:51 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA24492 for current-outgoing; Tue, 4 Feb 1997 15:43:51 -0800 (PST) Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA24483 for ; Tue, 4 Feb 1997 15:43:48 -0800 (PST) Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id PAA28886 for ; Tue, 4 Feb 1997 15:43:47 -0800 (PST) To: current@freebsd.org Subject: Re: Karl fulminates, film at 11. Date: Tue, 04 Feb 1997 15:43:46 -0800 Message-ID: <28882.855099826@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk OK, for those of you who just came into this and are wondering at this sudden strange eruption of email in -current, let me just give a little background and attempt to set this sorry situation in order. Karl here, displaying his usual characteristic grace and charm, saw fit to suddenly explode into my mailbox this morning with a diatribe positively oozing with CAPITAL LETTERS and other such exclamations of anger and general pants-wetting excitement, and it contained (among other ravings) a demand that we remove 2.1.6 immediately and declare it the most open security trap known to man. You've seen this demand already, and Karl has reaffirmed it as his opinion. Now I'd only just seen Joe Greco's article about the crt0 security hole a couple of hours before, not really having had the chance to talk to our security officers about it yet, and besides I'm not exactly the kind of guy to rush off yelling "Yes Sir! I will kill all the occupants of this village on the suspicion that some of them may be dangerous insurgents, Sir! Of course I'm completely happy to take your word for it, Sir!" For a move that drastic, it needs to be discussed in core at the very minimum. Not discussed for a month or a week, maybe even just a couple of hours, but at least *discussed*. I communicated this to Karl, saying that nothing should be removed (and I should perhaps have said *at this stage*, but that's what I meant) and that the problem should instead be documented so that people could at least make a *decision* for now to either load and patch the 2.1.6 release or not load it at all. I also expected to see some sort of CERT advisory in the very near term, documenting at least the source code fix and the vulnerability, so between those two mediums I figured we'd at least cover the bases for those *new* people contemplating loading the 2.1.6 release. It's clearly only new ones we're talking about here since even an immediate 2.1.7 release and removal of 2.1.6 wouldn't save the installed base a thing. Anyway, this wasn't good enough for Karl at all and he continued on with his capslock key and general histrionics until I finally got sick of it and went off in a corner with Joe Greco to try and discuss practical solutions rather than how HORRIBLE and AWFUL and BAD the whole situation was, and how the person responsible should be publicly scorned and made to wear plaid clothing until the end of his days. Karl doesn't like being ignored, however, so now he's taken it to the -current mailing list where he hopes to drum up additional fear and probably more than a little loathing about this. For the record: We *are* going to do something, we're not clueless about the fact that this is a major security hole and quite possibly we will even remove 2.1.6 if we cannot supply an effective binary upgrade for it (which would be a desirable move from the installed-base point of view, but still not what Karl wants). Doing a 2.1.7 release is actually easier than it sounds, and I'm going to do one here just to have one as a backup, if nothing else, but the actual removal of bits will still have to wait until the core team has at least had a chance to discuss the matter. The impact on our 2.1.6 installed base is non-trivial, and simply rolling 2.1.7 and saying "OK folks, you all have to upgrade with the installer!" is a very, very painful prospect. I'd like to have a chance to work out an easier way of doing it, perhaps as the original package from hell, and I will be looking at this all night tonite. There is no one trying to "hide" from this problem or its ramifications here, and Karl simply can't face the fact that he rubs people raw by being hostile and abrasive when there's absolutely no need for it, so he claims it's the issue I'm trying to avoid rather than simply Karl and his unwonted abuse. Now that he's taken it public, I thought I'd at least try to explain what the situation was. This is the last you'll hear from me on this topic in -current and any future conversations I have with Karl will end as they started - in private email. I won't exchange lighting bolts in public with this guy again - it's just too old and familiar a refrain. Jordan