In some email I received from Paul Robertson, sie wrote: > On Sat, 12 Oct 2002, Darren Reed wrote: > > > This deserves more treatment than I have given it because I'm > > sure it is a reflection of an attitude people form when they > > have no understanding of roles and responsibilities people have, > > never mind what "software engineering" is, beyond a simple "hack > > on it" mentality. > > I think you're taking it more personally than you should[1], let me see if > I can take a less inflamitory stance... > > > So your reading, of my saying meaning the "someone else" to be the > > users is quite incorrect. What I said was, literally, quite correct. > > I think what Mikael's concern was (and he'll pipe up if I'm wrong, I'm > sure) is that folks looking at the vuln. note will see "IPFilter- Not > vulnerable." and stop there, rather than looking for a Net- or Free- > entry. "Check the specific OS line, or your version number, or upgrade." > Might be more helpful too. Well what other conclusion do you arrive at when you've spent several days testing and failed to make the problem happen ? That said, my feedback mentioned quite specifically that ipfilter was not vulnerable to *that* exploit, ie the one we received from CERT, written by Mikael, and that it may be vulnerable to others (I have not seen all the others so I can't be sure, either way.) Unfortunately the people behind security-officer for NetBSD have been next to useless in this case and if you asked me, their largesse in this case would be a good excuse to give them all the ass (it's not a fun job, either.) FreeBSD has not been much better. What compounds my annoyance about all this is the lack of information available to me, at the time. To me the notes looked like someone had specifically developed an ftp daemon to tickle the problem and if that is what it took, I was just simply not interested. Darren _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Sat Oct 12 2002 - 05:48:10 PDT