Re: lpd exploit?

[Graeme Fowler <graeme.f () WEBFUSION CO UK>]

DiGiT wrote:
> I would apreciate that neither you or anyone else publish my exploits
> to such a medium as this mailinglist or any sort of public arena.

Why not? You quite clearly indicate in the copyright notice at the top
of the code that:

> >  *  Copyright (c) 2000 - Security.is
> >  *
> >  *  The following material may be freely redistributed, provided
> >  *  that the code or the disclaimer have not been partly removed,
> >  *  altered or modified in any way. The material is the property
> >  *  of security.is. You are allowed to adopt the represented code
> >  *  in your programs, given that you give credits where it's due.

That says 'freely distributed', right? That means (in my understanding)
that I can freely distribute it providing I haven't changed or modified
the code or disclaimer? Which I haven't done. That code was published
exactly as-is, without modification. It also had to pass through the
moderator of VULN-DEV prior to publishing; presumably if they thought
there were a conflict in some way that the posting would not have been
published to the list.

I suspect that this thread could spin out of control if we're not
careful, since we're going to enter the realms of the
full-disclosure-versus-privacy argument. I found your kit on a server I
was asked to investigate some problems with - along with code for about
60 other exploits - and following the non-appearance of any exploit code
for LPRng on this list, published it - *after* consulting your copyright
notice.

If you object, change the notice.

Have a good weekend

Graeme