Date: Tue, 04 Feb 1997 17:20:04 -0800
From: Julian Elischer <julian@whistle.com>
To: Karl Denninger <karl@Mcs.Net>
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, current@FreeBSD.ORG
Subject: Re: Question: 2.1.7?
Message-ID: <32F7E044.7DE14518@whistle.com>
References: <199702042244.QAA03172@Jupiter.Mcs.Net>

Karl Denninger wrote:
> If the 'sploit is so well known, then could you give us MORE info?

I really hate not knowing what the problem is:

I would go as far as saying:
probably a 2.1.6.2 should be made.
the cdroms that are shipped after right now should have a sticker stuck on them saying:
"before running this on a system connected to the internet, check www.freebsd.org for a program to run to fix a known security hole"
and leave it at that...
a new cdrom can come out with the fix in time
and we should ACTIVELY push a script that "Patches" the problem files and does whatever is needed.

I'm talking from a point of view of what we'd probably do in places where I've worked..

I think that a notice should be put in the FTP site about the problem but that we shouldn't PULL it yet..
what we SHOULD do is REALLY MAKE IT KNOWN that there is
1/ a problem
2/ a fix

please both of you.. go back to your corners.
you are BOTH acting in a manner I think you should seriously look at.
think about what you can do to IMPROVE this, TAKING THE OTHER INTO ACCOUNT.
If it doesn't help, then don't do/say it.

about to launch thousands of 2.2 boxes..
does this affect 2.2? and how?
We don't allow any logins on the boxes.. direct or indirect
is there still a risk?

julian