Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!newshub2.home.com!news.home.com!su-news-hub1.bbnplanet.com!news.bbnplanet.com!newsfeed.direct.ca!nntp.portal.ca!cynic.portal.ca!not-for-mail
From: cjs@cynic.portal.ca (Curt Sampson)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Date: 20 Apr 1997 17:06:35 -0700
Organization: Internet Portal Services, Inc.
Lines: 56
Message-ID: <5jeb2b$ata@cynic.portal.ca>
References: <3356E1CC.299E@softway.com.au> <DERAADT.97Apr18181055@zeus.pacifier.com> <5jdgaf$34i@cynic.portal.ca> <DERAADT.97Apr20113509@zeus.pacifier.com>
NNTP-Posting-Host: cynic.portal.ca
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6686 comp.unix.bsd.misc:3023 comp.security.unix:33771

In article <DERAADT.97Apr20113509@zeus.pacifier.com>,
Theo de Raadt <deraadt@theos.com> wrote:

> As has OpenBSD. Although I notice your FTP server still has no way
> of doing anonymous uploads that are secure from abuse by warez-traders.

>[stuff about motes in my eyes, etc. deleted]

I am not pointing this out to get into a spitting match; I'm pointing
this out to show that you too have holes that are not closed, Theo.
You regularly insinuate that you have fixed holes that others haven't,
but you never describe the exact holes you fix: you just say `look at
our change logs,' which don't describe the attacks at all. Without a
proper analysis of the attacks, which you refuse to provide, there's
no real evidence that many of the things you have `fixed' were ever
broken.

>And the source routing controls in the kernel appear
>completely insufficient compared to the threat.

A typical insinuation. What exactly does the OpenBSD kernel do with
source routed packets that the NetBSD kernel doesn't, Theo?

> But heck, let's spend our time making snide comments instead of
> working to fix security problems and share the information so that
> the fixes can be as widely distributed as possible.
>
>Yes, Curt, that's exactly what you are doing!!!

Oh, you mean *I* was the one that posted the snide comment in response
to the FreeBSD folks. Sorry for putting your name in the From: line,
Theo.

>I look forward to the day we are able to look at cvs logs for the
>NetBSD source tree!

So do we all. But I think that's been gone over already.

>The fixes are there, and they are shared with the world.

The fixes are not as important as proper descriptions of the problem,
Theo. It's very difficult to work back to the original problem from
your fix, and thus even more difficult to verify that your fix is
correct.

>When we got fixes from other people, we gave credit.

Yeah, it's just when you take entire ports that you don't give credit,
hmm? If you've got the name of the person who wrote your Alpha port
anywhere outside the source code, it's well hidden enough that I can't
find it. And that goes for a lot of other code, too.

cjs
--
Curt Sampson    cjs@portal.ca      Info at http://www.portal.ca/
Internet Portal Services, Inc.     Through infinite myst, software reverberates
Vancouver, BC   (604) 257-9400     In code possess'd of invisible folly.