[7432] in bugtraq
Re: Fwd: Any user can panic OpenBSD machine
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Jul 28 20:49:22 1998
Date: Tue, 28 Jul 1998 14:59:52 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@PIERMONT.COM>
X-To: Theo de Raadt <deraadt@cvs.openbsd.org>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 28 Jul 1998 12:47:29 MDT."
<199807281847.MAA01158@cvs.openbsd.org>
Theo de Raadt writes:
> > Dunno. If your ISP was running on OpenBSD it would be pretty damn
> > annoying.
>
> Sure it would be. Luckily the kernel debugger tells you which user
> did it. Now, shall I list 50 ways to crash a NetBSD box from the
> shell?
I would highly appreciate it if you would. The NetBSD project believes
in the same philosophy of open disclosure that the BUGTRAQ mailing
list runs on. What you know about you can fix, what you don't know
about *can* hurt you. By all means, please make your list public. If
you tell us about these 50 ways to crash a NetBSD box from the shell,
we can fix them. If you don't tell us about them, we cannot fix them.
We find lots of bugs all the time and fix them on our own (and make
the fact that we have found them public so that other free unix
variants can fix them if they suffer from the same bug.) However, no
one is perfect -- not FreeBSD, not NetBSD, not OpenBSD. If you do have
a list of defects in NetBSD security that are not fixed in -current,
we would greatly appreciate getting them so that we could apply fixes.
Perry
