Vulnerability Development mailing list archives

Re: Telnetd exploit for solaris


From: Marc Soda <msoda () aspre net>
Date: Fri, 7 Sep 2001 08:49:48 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


What's wrong with just giving a detailed explanation that aids in
how to fix the problem in detail compared to something that can just
be compiled straight off the list?

Would you stake your job and reputation on that?  I NEED to see that
the patch I am applying worked before I put my seal of approval on it.
Too many times vendor patches don't solve the problem and without the
exploit to test it, you'll never know.  Granted, you could take this
to the extreme and just write your own telnetd or whatever, but that's
a little impractical. ;)

I think it's every good sysadmin's duty to perform their own analysis,
otherwise we're just mindless drones, applying a patch when we're told
to.  You can't take pride in that.  If you blindly trust everything
you hear, without seeing for yourself, you won't last long in this
business.

Or maybe he just has an obsession with knowing how things work.  I
know I do... to a fault.

- -- 

Marc Soda
ASPRE, Inc.
marc () aspre net
http://www.aspre.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7mMJy8/oGPCGMSEgRAurkAJ971UOKKOHEQbB9z6nE6thz48k2GwCg5lj5
46lJO8I5jBQ2Vq3bLjyacMU=
=iglx
-----END PGP SIGNATURE-----


