|
Vulnerability Development
mailing list archives
Re: lpd exploit?
From: Graeme Fowler <graeme.f () WEBFUSION CO UK>
Date: Fri, 8 Dec 2000 17:03:54 -0000
DiGiT wrote:
I would apreciate that neither you or anyone else publish my exploits
to such a medium as this mailinglist or any sort of public arena.
Why not? You quite clearly indicate in the copyright notice at the top
of the code that:
* Copyright (c) 2000 - Security.is
*
* The following material may be freely redistributed, provided
* that the code or the disclaimer have not been partly removed,
* altered or modified in any way. The material is the property
* of security.is. You are allowed to adopt the represented code
* in your programs, given that you give credits where it's due.
That says 'freely distributed', right? That means (in my understanding)
that I can freely distribute it providing I haven't changed or modified
the code or disclaimer? Which I haven't done. That code was published
exactly as-is, without modification. It also had to pass through the
moderator of VULN-DEV prior to publishing; presumably if they thought
there were a conflict in some way that the posting would not have been
published to the list.
I suspect that this thread could spin out of control if we're not
careful, since we're going to enter the realms of the
full-disclosure-versus-privacy argument. I found your kit on a server I
was asked to investigate some problems with - along with code for about
60 other exploits - and following the non-appearance of any exploit code
for LPRng on this list, published it - *after* consulting your copyright
notice.
If you object, change the notice.
Have a good weekend
Graeme
 By Date 
By Thread
Current thread:
- Re: lpd exploit?, (continued)
|
Intro
