Vulnerability Development mailing list archives
Re: Some work needed
From: White Vampire <whitevampire () mindless com>
Date: Tue, 8 Aug 2000 12:29:25 -0400
On Mon, Aug 07, 2000 at 10:40:37PM +0000, Luis Pinto(lmpinto () STUDENT DEI UC PT) wrote: : Great. sperl5.00503 ships with RedHat 6.2, dont know about other : distros. That means we have one working exploit for the latest distro, : being used in hundreds of multi user machines, some of them dependent on : sperl. Fix your machine, quit bitching. That simple. It is the responsibility of all the other users/admins to fix their security even if a ready-to-use RPM is not available. I personally would be rather notified via a public disclosure system than have a bunch of little kiddies running around with such knowledge. You are being rather harsh. Perhaps I am too. My opinion simply differs. I would rather take care of things than obfuscate them (temporarily or not). I had already removed the SUID bit from 'suidperl' on most of my Perl-installed machines. If you are leaving something SUID when you do not need it, you are taking the first step to a bad security policy. : I will save the rants about the difference between responsability : and full disclosure for some other time... I am actually somewhat curious about your opinion. However it is not really suited for the list. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.projectgamma.com/ \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
Attachment:
_bin
Description:
Current thread:
- Some work needed Michal Zalewski (Aug 06)
- Re: Some work needed Jonathan Leto (Aug 07)
- Re: Some work needed Michal Zalewski (Aug 08)
- Re: Some work needed White Vampire (Aug 09)
- Re: Some work needed Luis Pinto (Aug 08)
- Re: Some work needed White Vampire (Aug 09)
- Re: Perl exploit (was: Some work needed) Rafal Wojtczuk (Aug 08)
- Re: Some work needed Jonathan Leto (Aug 07)