|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: suidperl exploit
From: Kris Kennaway (kris
FreeBSD.org)Date: Thu Aug 10 2000 - 22:38:25 CDT
- Next message: Warner Losh: "Re: suidperl exploit"
- Previous message: Warner Losh: "Re: suidperl exploit"
- In reply to: Warner Losh: "Re: suidperl exploit"
- Next in thread: Warner Losh: "Re: suidperl exploit"
- Reply: Kris Kennaway: "Re: suidperl exploit"
- Reply: Warner Losh: "Re: suidperl exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 10 Aug 2000, Warner Losh wrote:
> So no advisory is needed. This is a case where we need a
> non-vulnerabilty alert :-). Of course, such an alert is likely to
> cause more problems than it would solve....
Non-vulnerability alerts like some of the Linux vendors have started
issuing are stupid. If there's no problem, there's no problem, and as long
as you provide a reliable service when there *are* problems, there's no
need to publicize the negative result. The few people who have heard about
it through other channels and want specific reassurance can easily be
accomodated individually through other means (e.g. this list) with much
less effort and without the confusion from people who misinterpet the
contents of the "advisory" as meaning they have to take some action.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythealum.mit.edu>
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Warner Losh: "Re: suidperl exploit"
- Previous message: Warner Losh: "Re: suidperl exploit"
- In reply to: Warner Losh: "Re: suidperl exploit"
- Next in thread: Warner Losh: "Re: suidperl exploit"
- Reply: Kris Kennaway: "Re: suidperl exploit"
- Reply: Warner Losh: "Re: suidperl exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]