Bugtraq mailing list archives
Re: OpenBSD Exploit
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Mon, 6 Nov 2000 14:50:40 -0500
On Mon, 6 Nov 2000, Christian Ruediger Bahls wrote:
i do understand that there are some hidden vulnerabilities in OpenBSD but i would appreciate to get this information from OpenBSD .. and most important: after they fixed it ..
[i am nothing more than an OpenBSD user and advocate. i do not participate in the team.] i have been seeing this a lot lately, a complaint that the OpenBSD team fixes a lot of bugs without much publicity. this is often seen as hubris by some, conniving and blind disregard for the userbase by others. in fact, it's none of the above. the openbsd team is continually working to improve the security, as well as the functionality, of the code. you are welcome to participate in this process actively or passively. you can do this through several methods: o join a mailing list. several exist that discuss the security and general bugfixes, and the code itself, and are archived in several locations around the world. the full list and information can be found on the OpenBSD website at http://www.openbsd.org/mail.html. i reccomend that you check out the lists 'security-announce', 'tech', 'bugs', 'source-changes' and 'announce' to either receive or submit information from or to the OpenBSD team. o the daily CVS updates. you can grab the daily CVS snapshot and have a look at what changed. this can be a bit time consuming, but hey, don't blame others for your lack of effort. please see http://www.openbsd.org/anoncvs.html for information about obtaining current code by CVS. o don't forget, have a look at the daily changelog. this covers most of the important changes, both functionality and security, between the current formal release and -current, the development branch. please see http://www.openbsd.org/plus.html for information and links. it's a lot to keep up on, yes. and it's difficult sometimes to think about rebuilding a kernel on a key server to implement a patch that you've noticed affects you (ie empty ESP/AH frames crashing the kernel). still, the information is there. it just takes some effort on your part to find it. you should be paying attention, anyhow, to any reliability/feature/security fixes from your vendor(s) anyhow. jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- OpenBSD Exploit rloxley (Nov 06)
- Re: OpenBSD Exploit Brett Lymn (Nov 07)
- Re: OpenBSD Exploit Artur Grabowski (Nov 07)
- Re: OpenBSD Exploit Christian Ruediger Bahls (Nov 07)
- Re: OpenBSD Exploit Jose Nazario (Nov 07)
- Re: OpenBSD Exploit cripto (Nov 09)
- <Possible follow-ups>
- OpenBSD Exploit rloxley (Nov 09)