Date: Wed, 04 Sep 1996 16:07:26 -0600 From: Theo de Raadt <deraadt@theos.com> To: Nate Williams <nate@mt.sri.com> Cc: Theo de Raadt <deraadt@theos.com>, chat@freebsd.org Subject: Re: FreeBSD vs. Linux 96 (my impressions) - Reply Message-ID: <9609042207.AA12516@theos.com> In-Reply-To: Your message of "Wed, 04 Sep 1996 15:46:50 MDT." <199609042146.PAA02647@rocky.mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > So, now, remember the XXXXXX trace file bug FreeBSD recently fixed by >[...] > > I doubt even *one* person will get fried for that. Well, people have been fried by it. Nate, you are quite simply wrong. Your technical expertise does not land in security. Nate, you poopoo me in a comparison against Markus Ranum, then in the next report you say a security hole that can append log files to any file in the entire filesystem is ok. Terry had a very good point; I will use this as a reminder not to send bug reports to people like Nate, who will act as judge in areas they know shit all nothing about. > I didn't state I wanted your fix, just a pointer to where they might be so > *I* (or others) could go look them up. Nate, they are in the OpenBSD source tree. Go ahead, anoncvs is fun. > If you're worried about disclosure send them to CERT. No, I am more worried about proper use of my time. > But, if *YOU* can find them then so can > joe hacker, and he's going to get into the BSD systems that are so > insecure. Yup. FreeBSD and NetBSD boxes. Of course, any user can crash the OpenBSD or NetBSD vm system. > By disclosing them you at least put him on the same footing > as the hackers. If it means he has to disable potentially helpful code, > then so be it. It's better than losing years worth of work. Nate, if you don't want to lose your years worth of work you might consider putting your machines behind an OpenBSD firewall.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9609042207.AA12516>