Date: Wed, 05 Feb 1997 15:36:21 -0800
From: Craig Shaver <craig@progroup.com>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc: current@freebsd.org
Subject: Re: Karl fulminates, film at 11. == thanks
Message-ID: <32F91975.59E2B600@progroup.com>
References: <23444.855180857@time.cdrom.com>
Jordan K. Hubbard wrote:
>
> > Just wanted to drop you a note to thank you for kicking the freebsd core
> > team in the butt for security concerns. I am not sure your suggestions
>
> Oh dear, yet another person who seems to think that the best way of
> getting someone to do you a favor is to force burning splinters under
> their fingernails.

You are right, and I am sorry for the harsh wording.

>
> Nobody is ignoring anything here, and no one on the core team fails to
> take security seriously. We were given very *little* opportunity to
> respond on this one, and despite what others have claimed, there was
> no long-term awareness of this problem or conspiracy of silence.

Ok, good ...

>
> > I have to admit, when I saw that crt.o had a security hole I was ready
> > to dump freebsd and head straight for the nearest linux cd. I imagine
>
> I have been chastised in the past for saying "fine, go!" so I will not
> take that tack here, but I will say that heading straight for the
> nearest linux CD is also hardly likely to save you and you're more
> than welcome to try it if you feel otherwise.

You are quite right, and I should have put a :) at the end of that
sentence. I have tried Linux in the past and been displeased with the
bugs I found in standard libs and utilities. I have also had problems
with the x86 version of Solaris 2.4. I switched my own server from
Solaris to FreeBSD for more stability. I don't really want to switch to
Linux now.

>
> The people here are working very hard and they are NOT paid for all
> the extra hassle that this kind of security scare engenders (most are
> not paid to deal with ANY FreeBSD related hassles). To heap abuse and
> scorn on them for something they have given you for free strikes me as
> both ungrateful and petty, and I hope to see a lot less of it in the
> future or what joy I and others continue to derive from this project
> will evaporate and you and others will have killed the golden goose
> for its failure to lay eggs fast enough to your liking.
>
> Jordan

Sorry. I will try to think before posting in the future.

I would like to help with some of this if possible. I could put in a
few hours to go through some of the code. I think I understand what the
problems are regarding buffer overflows. However, like many people I
have no idea of where to start, who is doing what, or who to talk to. I
did not find anything on the www site that would explain how to
contribute time. And the mail I have seen regarding this has been pretty
vague. I certainly wouldn't want to waste my time with something that is
already being worked on, or is not needed.

--
Craig Shaver (craig@progroup.com) (415)390-0654
Productivity Group POB 60458 Sunnyvale, CA 94088