[7419] in bugtraq
Re: Fwd: Any user can panic OpenBSD machine
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 28 15:24:23 1998
Date: Mon, 27 Jul 1998 23:21:20 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@PIERMONT.COM>
X-To: "Angelos D. Keromytis" <angelos@DSL.CIS.UPENN.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Mon, 27 Jul 1998 21:25:39 EDT."
<199807280125.VAA15730@adk.gr>
"Angelos D. Keromytis" writes:
> In message <19980727180938.41315@dimensional.com>, Michael Fuhr writes:
> >
> >disclosure, isn't it? I for one was appalled at the simplicity of the
> >exploit in what's claimed to be one of the most secure operating
> >systems around, especially since it doesn't appear to be a problem
> >with the other BSDs.
>
> While I'll agree that this is a very lame bug (in the sense that it
> shouldn't exist), one can hardly call it an exploit.
Dunno. If your ISP was running on OpenBSD it would be pretty damn
annoying.
Personally, I find the constant claims that OpenBSD is more secure
than FreeBSD and NetBSD annoying. We all do extensive security
work. This is just another example of a fairly common situation -- in
which OpenBSD has a bug that other BSDs don't. Sometimes it is the
other way around, too, but you'd think from the propaganda that it was
always, or even usually, OpenBSD that was the most secure system.
Perry
