Bugtraq mailing list archives
Re: LD_PROFILE local root exploit for solaris 2.6
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Sun, 26 Sep 1999 08:58:33 -0400
On Fri, 24 Sep 1999 10:00:46 BST, Darren Moffat - Solaris Sustaining Engineering <darren.moffat () SUNUK UK SUN COM> said:
I strongly recommend that people apply the latest recommended and security patch sets when testing out security exploits. That way you won't send out information about exploits which have been long fixed and needlessly panic people.
Good advice, as far as it goes. Yes, installing the latest fixes first before reporting a bug is a Good Idea (since the vendor will say first thing "Have you installed all the latest fixes?" and it's always good to patch OTHER problems before they hit). But.... Something we here on Bugtraq often lose sight of (since we as a group are preaching to the choir) is that perhaps sometimes panicing the people is needed. Remember - the *reason* we keep seeing old long-fixed patches is because there's machines out there that aren't patched. Unfortunately, I don't have a better answer to how to get people to install patches other than panicing them. And of course, the people who need panicing aren't Bugtraq subscribers. Or maybe they are - in which case causing a panic is overall a Good Thing. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech <!-- attachment="bin0a28646" --> <HR> <UL> <LI>application/pgp-signature attachment: stored </UL>
Current thread:
- Re: LD_PROFILE local root exploit for solaris 2.6 Darren Moffat - Solaris Sustaining Engineering (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Valdis.Kletnieks () VT EDU (Sep 26)