
Re: red worm amusement



On Sat, Jul 21, 2001 at 10:26:38PM -0800, Ethan Benson wrote:
> On Sat, Jul 21, 2001 at 09:02:54PM -0700, Jacob Meuser wrote:
> > 
> > Oh, I guess anyone can say something like "Four years without a remote
> > hole in the default install!" on the internet, where anyone is free to
> 
> that quote is pure marketing.  

Marketing?  OpenBSD has about as much of an advertising dept as does 
Debian.  None.

> they don't count the recent ftpd remote
> root hole in that `four years' because they stopped activating ftpd
> in the default install of OpenBSD 2.7, which was released only a very
> short time before the hole was discovered.

And so the default install was not vulnerable to remote attacks.  Like
any other OS, you must update when updates are available.

> the kernel hole (basically
> the same ptrace race the linux kernel had previous to 2.2.19) was only
> locally exploitable so that `doesn't count' since it's not remote.
>
Exactly.  The claim is that there is no REMOTE exploit.
 
> > If anyone who reads the posts I made looks at them with an objective
> > outlook, they will see that my message is clearly stated.
> 
> no it's not, you change your position every time a fallacy is pointed
> out.  
>
What?  What?  I'm sorry, say that again.  What fallacies are you talking
about?  My position is, and always has been, that 'apt-get install'
should not start the service, and should not put startup links in
/etc/rc?.d.
 
> and you keep pointing at OpenBSD as an example of a distribution that
> doesn't start any services, if you had ever actually installed an
> OpenBSD box you would see that is not true.  

You have a short memory don't you Ethan?  The last time I mentioned
OpenBSD on this list, you jumped all over me like you have this time.
Do you have something against OpenBSD?  Was your experience with
OpenBSD 2.6 that bad?  What, did you ask some silly question on an
OpenBSD mailing list, and get flamed so bad you're still burning?
I happen to be using OpenBSD to write this email.  Next to me is my
OpenBSD server, and when I send this message, it will go through
my OpenBSD firewall.  Are you offended by the number of times I just
wrote OpenBSD?  I never claimed OpenBSD doesn't start ANY services.

>
> as for debian services are only started if you install them, a very
> logical assumption.

Not really.  Someone just posted an example of where he installed
apache, but only needed it for a very short while.  It is logical
to assume that if a package is installed, it is for a reason.  It
is not logical to assume that there is a need to start it immediately,
and every time the machine is booted.

> criticising debian's choices in regards to what
> services are priority: standard could be a valid argument.
>
I'll leave that to you.

<jakemsr@clipper.net> 


