Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!ais.net!uunet!in2.uu.net!192.109.159.3!news.gtn.com!inn.aball.de!news.knipp.de!anarch!news.chemietechnik.uni-dortmund.de!Uni-Dortmund.DE!Dortmund.Germany.EU.net!interface-business.de!usenet From: j@ida.interface-business.de (J Wunsch) Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix Subject: Re: *BSD* Security WWW/Mailing List? Date: 22 Apr 1997 09:02:30 GMT Organization: interface business GmbH, Dresden Lines: 25 Message-ID: <5jhur6$51u@innocence.interface-business.de> References: <3356E1CC.299E@softway.com.au> <335798C2.167EB0E7@freebsd.org> <DERAADT.97Apr18181055@zeus.pacifier.com> <slrn5li6bf.rjd.tqbf@char-star.rdist.org> <5jd1jt$m30@web.nmti.com> <slrn5ll06k.kd3.tqbf@char-star.rdist.org> Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch) NNTP-Posting-Host: ida.interface-business.de X-Newsreader: knews 0.9.6 X-Phone: +49-351-31809-14 X-Fax: +49-351-3361187 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6715 comp.unix.bsd.misc:3058 comp.security.unix:33852 tqbf@char-star.rdist.org (Thomas H. Ptacek) wrote: > >> FreeBSD is also the first operating system in the history of Unix to have > >> a published security vulnerability in crt0 start(). =) > >The others just haven't admitted it? > > None of the other BSD's have had one. =) "operating system" != "BSD only" You wrote about "operating system" first, and i seem to remember that some (early) SVR4 version had an at least as wide security hole in that they allowed for LD_LIBRARY_PATH even for set[ug]id binaries. Btw., to be fair you should also notice that NetBSD simply didn't pay any attention to localization. OpenBSD started after FreeBSD 2.1, so they could already learn from our mistakes. There's absolutely no reason for you to get malicious about us here. Unless you are God (who is by definition unfailable), you also occasionally make mistakes. I simply dislike your attitude. -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de http://www.interface-business.de/~j