Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!arclight.uoregon.edu!newsfeed.direct.ca!nntp.portal.ca!cynic.portal.ca!not-for-mail
From: cjs@cynic.portal.ca (Curt Sampson)
Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix
Subject: Re: *BSD* Security WWW/Mailing List?
Followup-To: alt.flame
Date: 20 Apr 1997 22:34:01 -0700
Organization: Internet Portal Services, Inc.
Lines: 45
Message-ID: <5jeu89$gdj@cynic.portal.ca>
References: <3356E1CC.299E@softway.com.au> <DERAADT.97Apr20113509@zeus.pacifier.com> <5jeb2b$ata@cynic.portal.ca> <DERAADT.97Apr20195500@zeus.pacifier.com>
NNTP-Posting-Host: cynic.portal.ca
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6693 comp.unix.bsd.misc:3030 comp.security.unix:33783

In article <DERAADT.97Apr20195500@zeus.pacifier.com>,
Theo de Raadt <deraadt@theos.com> wrote:
>In article <5jeb2b$ata@cynic.portal.ca> cjs@cynic.portal.ca (Curt Sampson) writes:
>
> > As has OpenBSD. Although I notice your FTP server still has no way
> > of doing anonymous uploads that are secure from abuse by warez-traders.
>
> I am not pointing this out to get into a spitting match; I'm pointing
> this out to show that you too have holes that are not closed, Theo.
>
>Please describe a hole that can be fixed in _software_. Putting a
>writeable directory in your anonftp directory is a system admin error.

In other words, OpenBSD doesn't have a problem because it doesn't
support anonymous users uploading files. `It's not a security hole;
just don't use that feature.' That's one way to close them I suppose.

>By the way Curt -- what is your solution? I see no fix for this in
>the NetBSD ftpd.

So the one who wants me to read his source to find the security
problems can't do the same himself, hmm?

> >And the source routing controls in the kernel appear
> >completely insufficient compared to the threat.
>
> A typical insinuation. What exactly does the OpenBSD kernel do with
> source routed packets that the NetBSD kernel doesn't, Theo?
>
>It drops them dead, and it bitches too. Always. It won't forward
>them and it won't accept them.

The NetBSD kernel does the exact same thing if you set the appropriate
sysctl variables, just like OpenBSD.

In other words, when you say that OpenBSD has bugfixes and security
patches that other systems don't, you're just mouthing off without
a clue what you're talking about.

I think that pretty much puts an end to this discussion.

cjs
--
Curt Sampson    cjs@portal.ca    Info at http://www.portal.ca/
Internet Portal Services, Inc.   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400    In code possess'd of invisible folly.