|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RE: suidperl exploit
From: Joe Oliveiro (joe
webkrew.com)Date: Fri Aug 11 2000 - 09:37:19 CDT
- Next message: Mike Tancsa: "RE: suidperl exploit"
- Previous message: System Administrator: "Re: suidperl exploit"
- In reply to: System Administrator: "Re: suidperl exploit"
- Next in thread: Mike Tancsa: "RE: suidperl exploit"
- Reply: Joe Oliveiro: "RE: suidperl exploit"
- Reply: Mike Tancsa: "RE: suidperl exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I personally think a website would be a great idea. With all the current
exploits around it would make sense to compile a list of what is / isnt
fbsd open to and have it online somewhere.. Question is who is willing to do
the work?
-----Original Message-----
From: owner-freebsd-securityFreeBSD.ORG
[mailto:owner-freebsd-securityFreeBSD.ORG]On Behalf Of System
Administrator
Sent: August 11, 2000 10:30 AM
To: Warner Losh
Cc: Kris Kennaway; Vladimir Mencl, MK, susSED;
freebsd-securityFreeBSD.ORG
Subject: Re: suidperl exploit
Would it be appropriate to have a part of the website dedicated to the
publishing of current security vulnerabilities and how FreeBSD is *not*
affected? :)
-advocacy, I guess... but I think it would be a good idea since we have
a lot of people showing up on the lists saying "is FBSD vulnerable for
this?"
I guess a website is a bit an overkill...
A.
Warner Losh wrote:
>
> In message <Pine.BSF.4.21.0008102034410.95874-100000freefall.freebsd.org>
Kris Kennaway writes:
> : Non-vulnerability alerts like some of the Linux vendors have started
> : issuing are stupid. If there's no problem, there's no problem, and as
long
> : as you provide a reliable service when there *are* problems, there's no
> : need to publicize the negative result. The few people who have heard
about
> : it through other channels and want specific reassurance can easily be
> : accomodated individually through other means (e.g. this list) with much
> : less effort and without the confusion from people who misinterpet the
> : contents of the "advisory" as meaning they have to take some action.
>
> Yes. I agree completely. If that load gets too high, then we can put
> up an notice on a web site. Such notice might not be a bad idea
> anyway, but we don't have a good mechanism for that.
>
> It also would artificially bloat the advisory numbers in bugtraq too,
> which we wouldn't want to do. We want to spend those chits on real
> problems.
>
> Warner
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-- Antoine Beaupre System Administrator Chemical Computing Group, Inc.To Unsubscribe: send mail to majordomo
To Unsubscribe: send mail to majordomo
- Next message: Mike Tancsa: "RE: suidperl exploit"
- Previous message: System Administrator: "Re: suidperl exploit"
- In reply to: System Administrator: "Re: suidperl exploit"
- Next in thread: Mike Tancsa: "RE: suidperl exploit"
- Reply: Joe Oliveiro: "RE: suidperl exploit"
- Reply: Mike Tancsa: "RE: suidperl exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]