reporter on deadline seeks comment about reported security bug in FreeBSD
Jerry
gesbbb at yahoo.com
Wed Sep 16 11:08:58 UTC 2009
On Tue, 15 Sep 2009 23:47:10 -0700
perryh at pluto.rain.com wrote:
> Jerry <gesbbb at yahoo.com> wrote:
> > Waiting until someone is harmed is tantamount to being an
> > accomplice to the act.
>
> And providing details of a currently-undefendable vulnerability
> to a black hat who did not previously know about it, thereby
> enabling the black hat to perpetrate harm that would otherwise
> not have occurred, isn't?
The simple act of publishing the fact that a known exploit exists for a
given program compromises nothing. Example:
WARN: The following program(s) have known exploits.
PROGRAM: prog-name
PROGRAM VERSION: 2.4
OS: FreeBSD-7.2+
EXPLOIT: Potential to render HD inaccessible
PATCH: NONE AVAILABLE
SUGGESTION: If prog-name is not imperative to system
performance, remove it and consider using a similar
product by another author.
A simple solution that affords the end user the right to make an
informed decision. I realize that governments, especially
socialistic/fascist ones, use the terms 'censorship' and 'secret'
interchangeably with the term 'for their own good'. I would hate to see
the open-source community, especially FBSD, embracing that philosophy.
--
Jerry
gesbbb at yahoo.com
Progress is impossible without change, and those who
cannot change their minds cannot change anything.
George Bernard Shaw