, 2006-01-18
A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.
Expand all |
Post comment
How not to respond to a security advisory
2006-01-19
Miles (3 replies)
Miles (3 replies)
How not to respond to a security advisory
2006-01-25
Michael Favinsky (1 replies)
Michael Favinsky (1 replies)
It should be added that this bug is really minor (yes, the chflag'ed file isn't really modified, and yes if you don't control who can mount things on the system, you'll have greater porbles). It's nearly excessive to call this a security flaw.
What about: with an hammer stroke on the hard drive, I can modify your chflag'ed file (even on NetBSD) ! ;)
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/380/32972#32972