Author: "Perry E. Metzger" <perryat_private>
Date: Mon, 27 Jul 1998 23:21:20 -0400
ID: <199807280321.XAA08929at_private>
> > While I'll agree that this is a very lame bug (in the sense
> > that it shouldn't exist), one can hardly call it an exploit.
>
> Dunno. If your ISP was running on OpenBSD it would be pretty damn
> annoying.
Sure, annoying, but an exploit? Is BugTraq going to start publishing all
local attacks and crashers?
> Personally, I find the constant claims that OpenBSD is more secure
> than FreeBSD and NetBSD annoying. We all do extensive security
> work. This is just another example of a fairly common situation -- in
> which OpenBSD has a bug that other BSDs don't. Sometimes it is the
> other way around, too, but you'd think from the propaganda that it was
> always, or even usually, OpenBSD that was the most secure system.
I've seen a lot more exploits for Free-/Net- BSD posted to BugTraq than for
OpenBSD.
I haven't seen any remote exploits for OpenBSD in recent memory, nor any
root exploits local or remote.
Saying that this _one_ example "proves" that OpenBSD is not more secure than
Free-/Net- BSD doesn't really seem rational.
TjL
--
I go offline on 31 July 1998
Mail delivered to "luomatat_private" will eventually be
read, but I can't promise how many days/weeks/months it will be.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:09:08 PDT