Re: [tlug] OpenBSD local exploit

[Matt Doughty <mdoughty@example.com>]

On Fri, Apr 12, 2002 at 10:15:28AM +0900, Christopher SEKIYA wrote:
> On Fri, Apr 12, 2002 at 09:40:15AM +0900, Matt Doughty wrote:
> 
> > It seems an exploit is already in the wild.
> 
> FWIW, the other *BSDs are not vulnerable.  This was an old vulnerability 
> that got reintroduced in OpenBSD 2.9.
> 

Added to that did you see the stupid sanity check they removed (aparently
for the second time)? I would love to know what the developer in question
was thinking.  Fact is Open isn't using a different security model from
the rest of so their 'better security' is just an illusion.  They also 
aren't very good at auditing code if the recent bound checking errors in
OpenSSH and this little botch up with mail are any indication. Don't buy
the hype people.

--Matt
-- 
"Take away them collisions and the common channel and it's like Christianity 
 without Christ." -Jim Breen (speaking about "full-duplex" Ethernet)