> This does fall under reliability fix category, though, since it
> isn't really a security issue, the bug puts the system into one
> of its most secure states: halted. Well, that is as long as
> youve disabled the kdb, which you should have on a production
> box.
It's a denial of service attack then.
It's very simple really: the OpenBSD team graciously maintains
and develops a distribution of software. If one of the components
exhibits a security flaw in a reasonable configuration then it is
a security hole.
That's all there is to it. No need for PR damage control.
> This does fall under reliability fix category, though, since it
> isn't really a security issue, the bug puts the system into one
> of its most secure states: halted. Well, that is as long as
> youve disabled the kdb, which you should have on a production
> box.
It's a denial of service attack then.
It's very simple really: the OpenBSD team graciously maintains
and develops a distribution of software. If one of the components
exhibits a security flaw in a reasonable configuration then it is
a security hole.
That's all there is to it. No need for PR damage control.
--
Thamer Al-Harbash
GPG Key fingerprint: D7F3 1E3B F329 8DD5 FAE3 03B1 A663 E359 D686 AA1F
[ reply ]