From: Arthur Krewat <krewat@kilonet.net>
To: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] SunOS code?
Date: Wed, 5 Sep 2018 08:55:02 -0400 [thread overview]
Message-ID: <be545932-5813-5b6a-1304-c33f1a71712c@kilonet.net> (raw)
In-Reply-To: <CABq8+zcm4oAzTkOtkd-ZeG12Aq-h_oYHOYGH+kGaMS87qN6kXA@mail.gmail.com>
On 9/5/2018 2:31 AM, Gilles Gravier wrote:
> It's the common example that I use to tell people that opensourcing
> software makes it more secure because the good guys have access to the
> source code at the same time as the bad guys, which gives them a fair
> chance to fix bugs before the bad guys use them.
Bash/Shellshock kinda proves that premise incorrect, although it's
pretty much the worst-case example, but still... ;)
Announced in 2014, it goes back to September 1989 (according to a
wikipedia article, so I'm not sure about that date's accuracy).
https://en.wikipedia.org/wiki/Shellshock_(software_bug)
https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
https://www.cvedetails.com/product/17/IBM-AIX.html?vendor_id=14
https://www.cvedetails.com/product/20/HP-Hp-ux.html?vendor_id=10
https://www.cvedetails.com/product/19755/Oracle-Solaris.html?vendor_id=93
It could be argued that the above CVE results are either under-reported
(closed-source), or over-reported (open-source). Or vice-versa ;)
ak
next prev parent reply other threads:[~2018-09-05 12:55 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-30 21:34 Noel Chiappa
2018-08-31 1:59 ` Kevin Bowling
2018-08-31 21:34 ` Cág
2018-08-31 21:39 ` Clem Cole
2018-08-31 21:47 ` Arthur Krewat
2018-08-31 21:57 ` Warner Losh
2018-08-31 21:58 ` Larry McVoy
2018-08-31 22:02 ` Warner Losh
2018-08-31 22:19 ` Cág
2018-08-31 22:23 ` Jon Forrest
2018-08-31 22:30 ` Cág
2018-08-31 22:34 ` Jon Forrest
2018-09-01 10:46 ` Donald ODona
2018-08-31 22:20 ` Cág
2018-08-31 23:02 ` Arthur Krewat
2018-09-01 1:57 ` Larry McVoy
2018-09-01 3:23 ` Theodore Y. Ts'o
2018-09-01 16:29 ` Kevin Bowling
2018-09-01 16:35 ` Larry McVoy
2018-09-01 19:32 ` Clem Cole
2018-09-01 16:27 ` Kevin Bowling
2018-09-01 17:17 ` Arthur Krewat
2018-09-01 22:19 ` Theodore Y. Ts'o
2018-09-02 5:05 ` Kevin Bowling
2018-09-02 19:43 ` Theodore Y. Ts'o
2018-09-04 11:47 ` Kevin Bowling
2018-09-04 17:39 ` Gilles Gravier
2018-09-04 17:45 ` Henry Bent
2018-09-05 6:31 ` Gilles Gravier
2018-09-05 12:55 ` Arthur Krewat [this message]
2018-09-05 15:26 ` Warner Losh
2018-09-05 15:36 ` Chet Ramey
2018-09-05 15:43 ` Arthur Krewat
2018-09-05 23:40 ` Dave Horsfall
2018-09-06 3:21 ` [TUHS] Mail etiquette (was: SunOS code?) Greg 'groggy' Lehey
2018-09-05 0:10 ` [TUHS] SunOS code? Tony Finch
-- strict thread matches above, loose matches on Subject: below --
2018-09-04 17:58 Noel Chiappa
2018-09-06 0:39 ` Dave Horsfall
2018-08-30 19:54 Noel Chiappa
2018-08-30 20:05 ` Earl Baugh
2018-08-30 19:41 Noel Chiappa
2018-08-30 19:46 ` Larry McVoy
2018-08-30 20:04 ` Warner Losh
2018-08-30 20:22 ` Larry McVoy
2018-08-30 20:33 ` Clem Cole
2018-08-30 20:36 ` Larry McVoy
2018-08-30 20:40 ` Clem Cole
2018-08-30 20:43 ` Larry McVoy
2018-08-30 20:38 ` Warner Losh
2018-08-30 20:42 ` Larry McVoy
2018-08-30 20:43 ` Clem Cole
2018-08-30 20:37 ` Clem Cole
2018-08-31 5:49 ` Lars Brinkhoff
2018-08-31 9:50 ` Dave Horsfall
2018-08-31 11:01 ` Gregg Levine
2018-08-31 11:05 ` Lars Brinkhoff
2018-08-24 15:13 [TUHS] Research UNIX on the AT&T 3B2? Seth Morabito
2018-08-24 16:06 ` Clem Cole
2018-08-27 15:54 ` Mary Ann Horton
2018-08-27 17:33 ` Clem Cole
2018-08-28 0:24 ` Dave Horsfall
2018-08-28 0:30 ` Larry McVoy
2018-08-28 6:01 ` arnold
2018-08-28 22:33 ` Dave Horsfall
2018-08-29 0:36 ` Harald Arnesen
2018-08-29 0:46 ` Larry McVoy
2018-08-29 5:29 ` [TUHS] SunOS code? arnold
2018-08-29 14:40 ` Larry McVoy
2018-08-29 14:41 ` Dan Cross
2018-08-29 14:44 ` William Pechter
2018-08-29 14:46 ` Warner Losh
2018-08-29 14:45 ` Clem Cole
2018-08-29 14:43 ` Warner Losh
2018-08-29 14:45 ` Warner Losh
2018-08-29 14:53 ` Larry McVoy
2018-09-01 11:43 ` Steve Mynott
2018-09-01 13:50 ` Andy Kosela
2018-09-01 14:32 ` Warner Losh
2018-09-04 9:39 ` Andy Kosela
2018-09-01 15:01 ` Larry McVoy
2018-09-01 15:20 ` Warner Losh
2018-09-01 18:24 ` Steve Mynott
2018-09-01 18:38 ` Larry McVoy
2018-08-29 23:09 ` David Arnold
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=be545932-5813-5b6a-1304-c33f1a71712c@kilonet.net \
--to=krewat@kilonet.net \
--cc=tuhs@minnie.tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).