On Monday, 27 July 1998, at 22:05:45 (-0600), Theo de Raadt <deraadtat_private> wrote: > However, this bug does not by itself provide anyone with a way to gain > elevated priviledges and greater control of the system. That is what > most of us normally call an 'exploit', or has the lingo changed > recently? I won't even begin to count the "exploits" which have passed across this list recently that result in no machine compromise other than simple denial of a single service. I can't understand why one would want to point fingers at this particular issue, especially in light of the fact that it deals with the DoS of the entire operating system, after so many recent examples of much tamer "exploits." > On the other hand, my guess is that people expect a whole lot of > OpenBSD now, which well, is fine, we will continue to try.. but don't > get too upset if a few human failings show through. I am on a few > Linux developer mailing lists, and I see ways to crash Linux get > discussed all the time. But I have not seen many ways to crash Linux > on BUGTRAQ, so I think people expect more of us. Don't people always expect more of those who, at least in their own minds, have more to prove? Just look at the consumer expectations of NT versus those of UNIX.... > Well, I find it hard to believe that you are making that particular > statement without bias. We are human, too. We make mistakes from > time to time. Who knows, maybe tomorrow someone will crash your > machine using such an `exploit' for your favorite operating system. Perhaps so. And if they do, rest assured that I'll post the exploit information to BUGTRAQ. That is, after all, the whole point, isn't it? Passing information into the hands of those who need it and may be affected by it. > Black hats distribute information on how to crash systems? I thought > they were concentrating on breaking root. Then you haven't been paying attention lately. Let's see here... ping of death...NT BSOD exploits a-plenty...Exchange Server and IIS DoS attacks...Appex terminal server DoS.... I could go on for days. As much as I agree with you 99.9% of the time, I have to take issue with this one, Theo. Perhaps it hit closer to home than some, but it's still an exploit. Michael -- "Though it's been a while now, I can still feel so much pain. Like the knife that cuts you, the wound heals, but the scar, that scar remains." -- Poison, "Every Rose Has Its Thorn" ======================================================================= Michael Jennings http://www.tcserv.com/ <mejat_private> Senior Systems Engineer, Synectics, Inc. http://www.synectics.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:08:57 PDT