*BSD News Article 55276


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!swrinde!newsfeed.internetmci.com!in1.uu.net!EU.net!Germany.EU.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!not-for-mail
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: What OS for an ISP to use?
Date: 18 Nov 1995 13:01:25 +0100
Organization: Private FreeBSD site, Dresden.
Lines: 28
Message-ID: <48khul$ksb@uriah.heep.sax.de>
References: <1995Nov15.130421.1503@hobbes.kzoo.edu> <48dbgq$g4s@agate.berkeley.edu>
NNTP-Posting-Host: uriah.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Nick Kralevich <nickkral@parker.EECS.Berkeley.EDU> wrote:

>Also, security coverage under Linux appears to be more extensive than 
>under FreeBSD.

This might or might not be right, but your argument:

>and the Linux security mailing lists, regarding the telnetd 
>environment variable security hole (see comp.security.announce for
>more information).  Even those this problem effected FreeBSD,
>there was no discussion in c.u.b.f.m regarding this.

...doesn't prove this.

The telnetd security hole has been pre-announced by the originator to
the various operating system vendors three weeks in advance of the
CERT advisory.  For FreeBSD, this message has been sent to the
freebsd-core list, and the appropriate fix went into the source tree
before the CERT advisory was out.  There was evidently no real need to
discuss this publically in Usenet.

(In addition, Nick, you know very well that most of the discussions
regarding FreeBSD's development don't happen in Usenet anyway.)
-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)