OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: lpd exploit?
From: Ron DuFresne (dufresneWINTERNET.COM)
Date: Fri Dec 08 2000 - 23:20:27 CST

If as it was claimed that this exploit was found on a comromised system,
it has already made it out to the 'public' so to speak.

Thanks,

Ron DuFresne

On Fri, 8 Dec 2000, Theodor Ragnar Gislason wrote:

> It was a polite request to everyone that they respect a coders possibility
> to publish such an exploit to a public arena where his situation can be
> explained. You make it look as if I coded it so script kiddies could crack
> boxes.
>
> I was not trying to ban it since the header clearly indicates that it can
> be distributed.
>
> If you cannot respect that, fine...end of debate.
>
> -
> DiGiT
>
> On Fri, 8 Dec 2000, Graeme Fowler wrote:
>
> > DiGiT wrote:
> > > I would apreciate that neither you or anyone else publish my exploits
> > > to such a medium as this mailinglist or any sort of public arena.
> >
> > Why not? You quite clearly indicate in the copyright notice at the top
> > of the code that:
> >
> > > > * Copyright (c) 2000 - Security.is
> > > > *
> > > > * The following material may be freely redistributed, provided
> > > > * that the code or the disclaimer have not been partly removed,
> > > > * altered or modified in any way. The material is the property
> > > > * of security.is. You are allowed to adopt the represented code
> > > > * in your programs, given that you give credits where it's due.
> >
> > That says 'freely distributed', right? That means (in my understanding)
> > that I can freely distribute it providing I haven't changed or modified
> > the code or disclaimer? Which I haven't done. That code was published
> > exactly as-is, without modification. It also had to pass through the
> > moderator of VULN-DEV prior to publishing; presumably if they thought
> > there were a conflict in some way that the posting would not have been
> > published to the list.
> >
> > I suspect that this thread could spin out of control if we're not
> > careful, since we're going to enter the realms of the
> > full-disclosure-versus-privacy argument. I found your kit on a server I
> > was asked to investigate some problems with - along with code for about
> > 60 other exploits - and following the non-appearance of any exploit code
> > for LPRng on this list, published it - *after* consulting your copyright
> > notice.
> >
> > If you object, change the notice.
> >
> > Have a good weekend
> >
> > Graeme
> >
> >
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.