[8946] in bugtraq

home help back first fref pref prev next nref lref last post

Re: SUN almost has a clue! (automountd)

daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Jan 5 12:08:25 1999

Date: 	Tue, 5 Jan 1999 11:39:36 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To:         scott@bernadette.net
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199901050523.XAA03706@xena.poteidaia.net> from "Scott" at Jan 4,
              99 11:23:48 pm

>   I've been dealing with Sun for 12 years.  I've never heard anyone make this
> claim.  And in truth, as we all know, it doesn't take 3 months to test a patch.

Allow me to repeat his experience. The socket ioctl hole that allowed any user
to demolish your entire lan was reported to Sun, I got a message from Casper
acking it and saying he'd fixed it. Over twelve months later and after
posting exploits to bugtraq the patch finally got released.

I'm quite fond of sun kit - they make nice boxes, but they have _real_
problems somewhere in the management structure for releasing patches/updates.

Alan

home help back first fref pref prev next nref lref last post