Thread: Re: @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL. (fwd)
Re: @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL. (fwd)
From
"Dann Corbit"
Date:
> -----Original Message-----
> From: Frank Wiles [mailto:frank@wiles.org]
> Sent: Tuesday, August 20, 2002 1:57 PM
> To: Dann Corbit
> Cc: pgsql-hackers@postgresql.org
> Subject: Re: [HACKERS] @(#)Mordred Labs advisory 0x0004:
> Multiple buffer overflows inPostgreSQL. (fwd)
>
>
> .------[ Dann Corbit wrote (2002/08/20 at 13:54:53) ]------
> |
> | > From: Vince Vielhaber [mailto:vev@michvhf.com]
> | > Sent: Tuesday, August 20, 2002 1:48 PM
> | > To: pgsql-hackers@postgreSQL.org
> | > Subject: [HACKERS] @(#)Mordred Labs advisory 0x0004: Multiple
> | > buffer overflows inPostgreSQL. (fwd)
> | >
> | >
> | >
> | > And another one. Sure would be nice if shit-for-brains would
> | > mention it to us first.
> |
> | It looks to me like he may be the most valuable tester on the staff.
> | As long as we find out what the problem is, why complain?
> |
> `-------------------------------------------------
>
> The reason to complain is that he is not notifying the development
> team beforehand. Giving them absolutely no chance to work on a
> fix prior to the whole world freaking out over these bugs.
>
> If I was your neighbor, and I noticed your front door was open I
> would contact you and let you know... not take out a full page
> ad in the local newspaper! Same idea applies here. :)
>
> Also, if I'm not mistaken this guy isn't on "staff".

Well, of course, a well mannered team member would report the bugs
through one of the normal channels.

On the other hand, a malicious tester who finds these problems performs
two valuable services:
1. Through great effort, he has found a problem that needs to be
addressed or serious consequences will result.
2. He has raised a large public rancor. The result of which is that the
serious problem must be addressed.

The motivation is suspect. The character is suspect. But the result is
of great value.

In a similar manner, it is a common practice to hire hackers to try to
break into your site. While their methods will be unconventional, and
they can be very seedy and immoral characters, they will reveal
information of great value to show you exactly where the hole needs to
be plugged.

Re: @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL. (fwd)
From
Frank Wiles
Date:
.------[ Dann Corbit wrote (2002/08/20 at 14:05:37) ]------
|
| ... [large snip] ...
|
| Well, of course, a well mannered team member would report the bugs
| through one of the normal channels.
| On the other hand, a malicious tester who finds these problems performs
| two valuable services:
| 1. Through great effort, he has found a problem that needs to be
| addressed or serious consequences will result.
|
| ... [small snip] ...
|
`-------------------------------------------------

Reading the TODO list is "great effort"?

What puzzles me most is that you speak as if you have personal knowledge of
how much effort it took.

---------------------------------
Frank Wiles <frank@wiles.org>
http://frank.wiles.org
---------------------------------