On Mon, Jul 27, 1998 at 04:00:49PM -0300, David Maxwell wrote:

> Since this bug is explicitly marked confidential, and was only opened today,
> would it not have been reasonable to delay forwarding this. Given that the
> OpenBSD people are particularly enthusiastic about security auditing, I expect
> it will be fixed quickly.

In response to this, and in response to the person who privately called my forwarding of the bug report "lameness," I have this to say:

The bug report was forwarded to some OpenBSD list to which I must have subscribed at one time. If the OpenBSD listfolk didn't want the bug known about then they should have kept it amongst the developers. The bug had already been made public in one forum; I simply brought it to the attention of this one. Apparently the moderator didn't have any qualms about approving it for distribution -- this list *is* about full disclosure, isn't it?

I for one was appalled at the simplicity of the exploit in what's claimed to be one of the most secure operating systems around, especially since it doesn't appear to be a problem with the other BSDs.

Black hats distribute these kinds of exploits quickly. Let's make sure a few white hats know about them too.

--
Michael Fuhr
http://www.fuhr.net/~mfuhr/