Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: None <dyson@freebsd.org>
From: Theo de Raadt <deraadt@theos.com>
List: tech-userlevel
Date: 10/19/1996 00:34:14
> > Ah, yes. I've been watching this thread with some amount of amusement, as
> > have other OpenBSD developers.
> >
> > Yes, please back it out. I would rather have OpenBSD remain the most secure
> > version of UNIX that money can't buy.
> >
>
> The THING about OpenBSD security is pretty much unsubstantiated. I think
> that it is kind of funny (odd)... Very few outside of OpenBSD have been
> provided with any kind of digest as to the security fixes... Sounds like
> marketing claims to me!!!
>
> Additionally, that "fix" was simply the wrong thing to do, and there are
> better ways to deal with the problem. If the zeroing of the buffer in db
> was typical of the ways that others are "fixing" security, well... Sad... :-(.

Ah John, ever eager to continue a flame war aren't you.

In fact, I think a lot of you need to do a bit more homework and check
a few more programs in the source tree to see if you guys have caught
all the cases. Quite frankly the coredump story is not over, and
there's a few other things you should really think of.

But you people are so ready and eager to flame, so you are on your own.

You'll see nothing more about this from me, here. See you guys in
bugtraq, if any place at all.