Bugtraq mailing list archives

Re: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED]


From: Warner Losh <imp () VILLAGE ORG>
Date: Tue, 7 Nov 2000 13:45:08 -0700

In message <Pine.BSO.4.21.0011071255400.30141-100000 () new wiretapped net> vort-fu writes:
: ps. This was sent to the openbsd team, and patched, a month or so ago. How
: can the freebsd team justify the lateness in applying their patch
: (especially considering that they felt it was exploitable)?

Is this a rhetorical question, or have you stopped beating your wife?

I fixed top in the first place on October 4, the same day that OpenBSD
fixed their top.  I thought I had fixed all of the places where it was
wrong.  I missed one.  On November 3 I got a bug report that I had
missed it and within an hour I'd committed a change.  We didn't hold
anything back on purpose.

I don't know if it is exploitable or not.  It was felt that it would
be better to release an advisory just to make sure people updated in
case someone who is very clever in the future can create an exploit.

As near as I can tell from my security-officer () freebsd org archive,
you didn't try to inform us about the hole directly.  We would welcome
you letting us know in the future at the same time as you let OpenBSD
know.

Warner

