Am 03.01.2008 um 00:22 schrieb Roflek of TK53: > On Jan 2, 2008 11:31 PM, Tomasz Kojm <[EMAIL PROTECTED]> wrote: >> I don't negate your points about O_EXCL etc. I don't negate the >> thesis in >> the subject either :-) What I really negate is the FUD you're >> making with your >> disclosures, some technical details, and the general pointless of >> making >> a storm in a teacup around issues which should be rather treated >> as regular >> bugs because their security significance is close to 0. > > Lol, wut FUD? > > YOU are the one that spreads misleading information, due to your > failure to understand the implications of a number of security issues > which you deny or dismiss as insignificant. And exactly those programs > that are written by the ignorant kind of people like you are the ones > that get exploited.
Let's leave the technical part out, since this is not a technical issue as it seems. Tomasz did not deny anything, he just said that this are minor issues. I fully understand that your ego gets pushed by seeing your nick in a post on FD and you simply can't cope with opinions that differ that much from yours. Somehow i suspect this is something personal, not technical. > > Or is your denial simply the result of the personal hurt because all > types of security groups pwn teh shit out of ClamAV? Better be happy > that at least somebody audits your code, or take the next step: > rigorously audit the code by yourself. Oh wait - if you talk about security groups i hope you don't think this includes you?! Security groups are usually not interested in "pwning the shit out of something" - that's what kids do. The security groups we worked together till now usually have a clue about responsible disclosure and things like that. If you really would give a sh*t about security and/or if you would believe that the "vulnerabilities" you found are that severe, you would follow the common guidelines of disclosure. But hey, it's not about security, is it? Thanks for reporting the bugs. > > -- Best regards, Christoph _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
