
Re: Locally exploitable races? OpenBSD



On Tue, 5 Jun 2001, Todd C. Miller wrote:

> What he's talking about is completely irrelevant because it requires
> things use rfork() and nothing in the system does...
> 
> Should the races get fixed?  Yes.
> Is it a real problem?  Nope.
> Should developers respond to obvious flame bait?  No again.
> 
>  - todd
> 
I want to share my thoughts on the above with you...
and please don't take it as flames, 'cause they aren't

Now, I thought of OpenBSD and its developers as people who
care for security and stability more than anything else,
well not exactly. It looks like fixing security related and stability
related is less important in the priority list than say www site and
docs.....

Now, if you read the message carefully you'll see that the person has
informed Theo a couple of weeks ago and has offered assistance. Looks
to me [and it is being presented] as that Theo didn't react at all,
and now the same thing: no reaction at all.

So, OpenBSD is on the first line on the Bugtraq to say "we aren't vuln to
this", this problem is fixed a couple of months ago etc., and when it goes
to admitting problems in the OpenBSD, it is not exactly the same?
Yeah, I know, there have been times where it had been different,
but ...

And 1 more thing, don't say that because this software is free,
you the people who take care of it, present it the way it is
and you're responsible for anything. Yes, technically you are not,
by Law too, but don't forget that some things are into your mind,
and you can't make it shut up when you knew about a problem and did not
have the courage or honesty to admit it and fix it ASAP.

You can't be very strict on one thing [like ipfilter] and be sloppy on
others. You are either strict or sloppy, not anything between.

Sorry,
but that is what I think on this subject, and maybe it wasn't worth
saying it, but at least I tried.

With all the respect to you and your Job -- OpenBSD,
Zvezdelin