Vulnerability Development mailing list archives

Re: Some work needed


From: White Vampire <whitevampire () mindless com>
Date: Tue, 8 Aug 2000 12:29:25 -0400

On Mon, Aug 07, 2000 at 10:40:37PM +0000, Luis Pinto(lmpinto () STUDENT DEI UC PT) wrote:
:       Great. sperl5.00503 ships with RedHat 6.2, don't know about other
: distros. That means we have one working exploit for the latest distro,
: being used in hundreds of multi user machines, some of them dependent on
: sperl.

        Fix your machine, quit bitching.  That simple.  It is the
responsibility of all the other users/admins to fix their security even
if a ready-to-use RPM is not available.

        I personally would rather be notified via a public disclosure
system than have a bunch of little kiddies running around with such
knowledge.

        You are being rather harsh.  Perhaps I am too.  My opinion
simply differs.  I would rather take care of things than obfuscate them
(temporarily or not).

        I had already removed the SUID bit from 'suidperl' on most of my
Perl-installed machines.  If you are leaving something SUID when you do
not need it, you are taking the first step to a bad security policy.

:        I will save the rants about the difference between responsibility
: and full disclosure for some other time...

        I am actually somewhat curious about your opinion.  However it
is not really suited for the list.

Regards,
-- 
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."
