Full Disclosure mailing list archives
Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: purplebag <purplebag () gmail com>
Date: Thu, 23 Mar 2006 23:09:34 -0500
On 3/23/06, Theo de Raadt <deraadt () cvs openbsd org> wrote:
Sendmail is, as we know, the most used daemon for SMTP in the world. This is an International Infrastructure vulnerability and should have been treated that way. It wasn't. It was handled not only poorly, but irresponsibly.You would probably expect me to the be last person to say that Sendmail is perfectly within their rights. I have had a lot of problems with what they are doing.
I think people expect you to be as you are.
But what did you pay for Sendmail? Was it a dollar, or was it more? Let me guess. It was much less than a dollar. I bet you paid nothing. So does anyone owe you anything, let alone a particular process which you demand with such length? Now, the same holds true with OpenSSH. I'll tell you what. If there is ever a security problem (again :) in OpenSSH we will disclose it exactly like we want, and in no other way, and quite frankly since noone has ever paid a cent for it's development they have nothing they can say about it. Dear non-paying user -- please remember your place.
I seem to recall that DARPA funded a good bit of your work. I also seem to recall that I and many others funded DARPA. Kindly submit to the will of us all.
Or run something else. OK?
Or simply cut off funding. The game can be played both ways.
Luckily within a few months you will be able to tell Sendmail how to disclose their bugs because their next version is going to come out with a much more commercial licence. Then you can pay for it, and then you can complain too. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Purple Bag Society of the Crown _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 23)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mike Owen (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) purplebag (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Blue Boar (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Tim (Mar 24)
- RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Anders B Jansson (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Coleman Kane (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman (Mar 24)
(Thread continues...)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)