[7437] in bugtraq
Re: Fwd: Any user can panic OpenBSD machine
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Tue Jul 28 20:57:05 1998
Date: Tue, 28 Jul 1998 13:06:55 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: perry@piermont.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 28 Jul 1998 14:59:52 EDT."
<199807281859.OAA12154@jekyll.piermont.com>
> Theo de Raadt writes:
> > > Dunno. If your ISP was running on OpenBSD it would be pretty damn
> > > annoying.
> >
> > Sure it would be. Luckily the kernel debugger tells you which user
> > did it. Now, shall I list 50 ways to crash a NetBSD box from the
> > shell?
>
> I would highly appreciate it if you would. The NetBSD project believes
> in the same philosophy of open disclosure that the BUGTRAQ mailing
> list runs on. What you know about you can fix, what you don't know
> about *can* hurt you. By all means, please make your list public. If
> you tell us about these 50 ways to crash a NetBSD box from the shell,
> we can fix them. If you don't tell us about them, we cannot fix them.
Our source tree is available for anonymous cvs. You can look at it.
Detailed commit messages are available.
> If you do have
> a list of defects in NetBSD security that are not fixed in -current,
> we would greatly appreciate getting them so that we could apply fixes.
How about the various problems at http://www.openbsd.org/security.html
which have been sitting there for months?
I'm sorry, Perry. I am not being paid to audit your insecure little
operating system managed by nasty argumentative people.
