
Bug#335897: similar problem workaround/solved



Hi,

Johannes Wiedersich wrote:
> Rene Engelhard wrote:
> > [ please stop sending me duplicate mails, nnnn@bugs.debian.org goes to the maintainer,
> > which is debian-openoffice@lists.debian.org, which I am obviously subscribed to ]
> 
> Have I misunderstood your first reply to my report or should that
> terrible e-mail-address be immediately changed, to avoid confusion among
> innocent users about the valued differences between OOo, OpenOffice.org,
> and plain openoffice?

Historical reasons again. Hard to change now, as it would need a new
mailing list, transitioning to the new one (means: changing all
Maintainer:'s of all packages, etc.)

Too much hassle.

> > openoffice? probably not. There's no openoffice, neither in Debian or
> > anywhere...
> 
> ;-)

Still true. There is no openoffice *package*.
I am very well aware that the ML is called -openoffice and the
description bogusly says OpenOffice.

> Well I do try my best, I think you do the same. But from your replies I
> got the impression that it's my English that is not understood.

No. You asked about my "Proof?" so you obviously didn't understand that
I asked for a proof.

> > You might call it a DOS, but even then it only happens when your nfs has problems
> > (be it statd not running like in the cases before or now with your portmap/firewall combo).
> > If someone else than you broke that you have far other problems, even if that would cause
> > a DOS for OOo.
> 
> Well since I didn't touch the configuration, I see two possibilities
> that might have caused the problems:
> - my box has been compromised (either my fault or a security hole being
> exploited)
> - there is an additional bug in either portmap or firestarter
> 
> I understood your 'quod erat demonstrandum', that you have proof that
> the problem is on my side. Please try to phrase your English and Latin
> in a way that people don't get insulted.

Wasn't meant so. You understood the qed perfectly right. The problem
(nfs broken) was somewhere on your/your servers/whatever side.
Of course, OOo shouldn't hang.
We agree there.

I really think you don't understand *my* English.
I didn't say anything directly on your configuration, neither did I say
you were compromised.

What I was opposing in the last mail was you saying that this is
probably a security hole, which it is not. It probably could be
classified as a DOS, but as said, if the person wanting to DOS OOo with
that way and (s)he got that far you already have lost anyway because
(s)he would need root anyway to fiddle with statd/lockd/whatever and at
that point you have lost anyway and have better things to do than caring
about OOo.

Anyway, I consider this discussion ended. Summary:
a) *cause* of the bug was your nfs not working properly because your
   firewall/portmap broke
b) yes, it's a bug in OOo that it hangs, but that's the *symptom*
  I never said that it wasn't a bug in OOo
c) this is not a security bug as you claimed. And neither is it a DOS
  because when people are able to DOS OOo that way you have already a
  far more serious problem since the attacker already has root somewhere.

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73
