Bugtraq mailing list archives

Re: Fwd: Any user can panic OpenBSD machine


From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Tue, 28 Jul 1998 13:14:30 -0600


True, but the point remains.  Despite the fact that *BSD and Linux
are more often used on single-user workstations than large servers,
both OS's are gaining acceptance in the latter arena.  As such, it
is wise to be aware of methods for local users to Do Bad Things (tm).

Said the pot to the kettle.

Go at it -- if you don't run OpenBSD, you have a couple hundred extra
/tmp races to deal with.

Does this sound like a change in topic?  I don't think so.  We have
done tons to improve localhost security (races, protocols, not just
buffer overflows like most other people fix).  But there will always
be crashes.  Sorry.  We Do What We Can.  We really don't expect to be
mauled to death when some little crash gets reported.


Ob-BUGTRAQ-Posting:

If you are logged into an NT box, you can type CTRL-ALT-DEL and take
the system down.

Ok, so NT is a bad example.  :-)  Such a post WRT Linux would be
equally stupid.  However, we're talking about stuff *local users* can
do, not just someone who has access to the console.

Sorry, but I must continue to disagree about the relevance of this
entire issue to bugtraq.  Question: What have you learned now that
this crash report has turned into 20 bugtraq postings, half of them
posted after a fix for the problem was available?

Shall we have a similar discussion the next time we find a way to crash
the system?

Are these crashes really that much more interesting than completely
new issues like www.openbsd.org/errata.html#fdalloc, which affect
every single operating system, and yet did not get discussed on
bugtraq?


