Re: Fwd: Any user can panic OpenBSD machine

[luomat () PEAK ORG (Timothy J Luoma)]

        Author: "Perry E. Metzger" <perry () piermont com>
        Date:   Mon, 27 Jul 1998 23:21:20 -0400
        ID:     <199807280321.XAA08929 () jekyll piermont com>

> > While I'll agree that this is a very lame bug (in the sense
> > that it shouldn't exist), one can hardly call it an exploit.
>
> Dunno. If your ISP was running on OpenBSD it would be pretty damn
> annoying.

Sure, annoying, but an exploit?  Is BugTraq going to start publishing all
local attacks and crashers?


> Personally, I find the constant claims that OpenBSD is more secure
> than FreeBSD and NetBSD annoying. We all do extensive security
> work. This is just another example of a fairly common situation -- in
> which OpenBSD has a bug that other BSDs don't. Sometimes it is the
> other way around, too, but you'd think from the propaganda that it was
> always, or even usually, OpenBSD that was the most secure system.

I've seen a lot more exploits for Free-/Net- BSD posted to BugTraq than for
OpenBSD.

I haven't seen any remote exploits for OpenBSD in recent memory, nor any
root exploits local or remote.

Saying that this _one_ example "proves" that OpenBSD is not more secure than
Free-/Net- BSD doesn't really seem rational.

TjL


--
I go offline on 31 July 1998
Mail delivered to "luomat () peak org" will eventually be
read, but I can't promise how many days/weeks/months it will be.