[7436] in bugtraq
Re: Fwd: Any user can panic OpenBSD machine
daemon@ATHENA.MIT.EDU (Timothy J Luoma)
Tue Jul 28 20:49:26 1998
Date: Tue, 28 Jul 1998 15:19:45 -0400
Reply-To: Timothy J Luoma <luomat@PEAK.ORG>
From: Timothy J Luoma <luomat@PEAK.ORG>
X-To: perry@piermont.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807280321.XAA08929@jekyll.piermont.com>
Author: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 27 Jul 1998 23:21:20 -0400
ID: <199807280321.XAA08929@jekyll.piermont.com>

> > While I'll agree that this is a very lame bug (in the sense
> > that it shouldn't exist), one can hardly call it an exploit.
>
> Dunno. If your ISP was running on OpenBSD it would be pretty damn
> annoying.

Sure, annoying, but an exploit? Is BugTraq going to start publishing all
local attacks and crashers?

> Personally, I find the constant claims that OpenBSD is more secure
> than FreeBSD and NetBSD annoying. We all do extensive security
> work. This is just another example of a fairly common situation -- in
> which OpenBSD has a bug that other BSDs don't. Sometimes it is the
> other way around, too, but you'd think from the propaganda that it was
> always, or even usually, OpenBSD that was the most secure system.

I've seen a lot more exploits for Free-/Net- BSD posted to BugTraq than for
OpenBSD.

I haven't seen any remote exploits for OpenBSD in recent memory, nor any
root exploits local or remote.

Saying that this _one_ example "proves" that OpenBSD is not more secure than
Free-/Net- BSD doesn't really seem rational.

TjL
--
I go offline on 31 July 1998
Mail delivered to "luomat@peak.org" will eventually be
read, but I can't promise how many days/weeks/months it will be.