From: Arthur Krewat <krewat@kilonet.net>
To: Warner Losh <imp@bsdimp.com>
Cc: TUHS main list <tuhs@minnie.tuhs.org>
Subject: Re: [TUHS] SunOS code?
Date: Wed, 5 Sep 2018 11:43:53 -0400 [thread overview]
Message-ID: <a5f18bfe-8010-2bc1-6dc2-1c7c837aa36b@kilonet.net> (raw)
In-Reply-To: <CANCZdfrvtbtN7Kfg3EeB3gYHvWUxOEb7OLT31zjGNxd0YVZQ2w@mail.gmail.com>
On 9/5/2018 11:26 AM, Warner Losh wrote:
>
> I'm not sure it does. It proves that bugs aren't instantly found,
> true. It doesn't provide perfection, but does make it easier to find /
> fix bugs before the bad guys. How long would such a bug have
> languished it if were buried inside of DCL.B32 instead of being out in
> the open?
It depends on how it was found in the first place. A quick Google
doesn't tell me much about exactly how it was discovered initially. Nor
is there any background information that says it wasn't (or was)
exploited before the announcement. Was it discovered because someone
(Stéphane Chazelas) was just reading open source code? Or was he trying
to do something innocent and it broke in such a way that it was obvious
bash was doing something bad? Or was he investigating a break-in and
found the vector? Serious questions, I'd love to hear from anyone who
knows more.
My original point remains: Open Source doesn't necessarily mean more
secure if a really bad exploit was allowed to exist for 25 years.
No offense intended to anyone on this list.
ak
next prev parent reply other threads:[~2018-09-05 15:44 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-30 21:34 Noel Chiappa
2018-08-31 1:59 ` Kevin Bowling
2018-08-31 21:34 ` Cág
2018-08-31 21:39 ` Clem Cole
2018-08-31 21:47 ` Arthur Krewat
2018-08-31 21:57 ` Warner Losh
2018-08-31 21:58 ` Larry McVoy
2018-08-31 22:02 ` Warner Losh
2018-08-31 22:19 ` Cág
2018-08-31 22:23 ` Jon Forrest
2018-08-31 22:30 ` Cág
2018-08-31 22:34 ` Jon Forrest
2018-09-01 10:46 ` Donald ODona
2018-08-31 22:20 ` Cág
2018-08-31 23:02 ` Arthur Krewat
2018-09-01 1:57 ` Larry McVoy
2018-09-01 3:23 ` Theodore Y. Ts'o
2018-09-01 16:29 ` Kevin Bowling
2018-09-01 16:35 ` Larry McVoy
2018-09-01 19:32 ` Clem Cole
2018-09-01 16:27 ` Kevin Bowling
2018-09-01 17:17 ` Arthur Krewat
2018-09-01 22:19 ` Theodore Y. Ts'o
2018-09-02 5:05 ` Kevin Bowling
2018-09-02 19:43 ` Theodore Y. Ts'o
2018-09-04 11:47 ` Kevin Bowling
2018-09-04 17:39 ` Gilles Gravier
2018-09-04 17:45 ` Henry Bent
2018-09-05 6:31 ` Gilles Gravier
2018-09-05 12:55 ` Arthur Krewat
2018-09-05 15:26 ` Warner Losh
2018-09-05 15:36 ` Chet Ramey
2018-09-05 15:43 ` Arthur Krewat [this message]
2018-09-05 23:40 ` Dave Horsfall
2018-09-06 3:21 ` [TUHS] Mail etiquette (was: SunOS code?) Greg 'groggy' Lehey
2018-09-05 0:10 ` [TUHS] SunOS code? Tony Finch
-- strict thread matches above, loose matches on Subject: below --
2018-09-04 17:58 Noel Chiappa
2018-09-06 0:39 ` Dave Horsfall
2018-08-30 19:54 Noel Chiappa
2018-08-30 20:05 ` Earl Baugh
2018-08-30 19:41 Noel Chiappa
2018-08-30 19:46 ` Larry McVoy
2018-08-30 20:04 ` Warner Losh
2018-08-30 20:22 ` Larry McVoy
2018-08-30 20:33 ` Clem Cole
2018-08-30 20:36 ` Larry McVoy
2018-08-30 20:40 ` Clem Cole
2018-08-30 20:43 ` Larry McVoy
2018-08-30 20:38 ` Warner Losh
2018-08-30 20:42 ` Larry McVoy
2018-08-30 20:43 ` Clem Cole
2018-08-30 20:37 ` Clem Cole
2018-08-31 5:49 ` Lars Brinkhoff
2018-08-31 9:50 ` Dave Horsfall
2018-08-31 11:01 ` Gregg Levine
2018-08-31 11:05 ` Lars Brinkhoff
2018-08-24 15:13 [TUHS] Research UNIX on the AT&T 3B2? Seth Morabito
2018-08-24 16:06 ` Clem Cole
2018-08-27 15:54 ` Mary Ann Horton
2018-08-27 17:33 ` Clem Cole
2018-08-28 0:24 ` Dave Horsfall
2018-08-28 0:30 ` Larry McVoy
2018-08-28 6:01 ` arnold
2018-08-28 22:33 ` Dave Horsfall
2018-08-29 0:36 ` Harald Arnesen
2018-08-29 0:46 ` Larry McVoy
2018-08-29 5:29 ` [TUHS] SunOS code? arnold
2018-08-29 14:40 ` Larry McVoy
2018-08-29 14:41 ` Dan Cross
2018-08-29 14:44 ` William Pechter
2018-08-29 14:46 ` Warner Losh
2018-08-29 14:45 ` Clem Cole
2018-08-29 14:43 ` Warner Losh
2018-08-29 14:45 ` Warner Losh
2018-08-29 14:53 ` Larry McVoy
2018-09-01 11:43 ` Steve Mynott
2018-09-01 13:50 ` Andy Kosela
2018-09-01 14:32 ` Warner Losh
2018-09-04 9:39 ` Andy Kosela
2018-09-01 15:01 ` Larry McVoy
2018-09-01 15:20 ` Warner Losh
2018-09-01 18:24 ` Steve Mynott
2018-09-01 18:38 ` Larry McVoy
2018-08-29 23:09 ` David Arnold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a5f18bfe-8010-2bc1-6dc2-1c7c837aa36b@kilonet.net \
--to=krewat@kilonet.net \
--cc=imp@bsdimp.com \
--cc=tuhs@minnie.tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).