Vulnerability Development
mailing list archives
Re: Some work needed
From: White Vampire <whitevampire () mindless com>
Date: Tue, 8 Aug 2000 12:29:25 -0400

On Mon, Aug 07, 2000 at 10:40:37PM +0000, Luis Pinto(lmpinto () STUDENT DEI UC PT) wrote:
: Great. sperl5.00503 ships with RedHat 6.2, don't know about other
: distros. That means we have one working exploit for the latest distro,
: being used in hundreds of multi user machines, some of them dependent on
: sperl.

Fix your machine, quit bitching. That simple. It is the
responsibility of all the other users/admins to fix their security even
if a ready-to-use RPM is not available.

I personally would rather be notified via a public disclosure
system than have a bunch of little kiddies running around with such
knowledge.

You are being rather harsh. Perhaps I am too. My opinion
simply differs. I would rather take care of things than obfuscate them
(temporarily or not).

I had already removed the SUID bit from 'suidperl' on most of my
Perl-installed machines. If you are leaving something SUID when you do
not need it, you are taking the first step to a bad security policy.

: I will save the rants about the difference between responsibility
: and full disclosure for some other time...

I am actually somewhat curious about your opinion. However it
is not really suited for the list.

Regards,
--
__ ______ ____
/ \ / \ \ / / White Vampire\Rem
\ \/\/ /\ Y / http://www.projectgamma.com/
\ / \ / http://www.webfringe.com/
\__/\ / \___/ http://www.gammaforce.org/
\/ "Silly hacker, root is for administrators."