From: Joachim Schipper [mailto:[EMAIL PROTECTED]]

> Yes, and root can do quite a few other nasty things as well. Where did I
> say this was something completely new? Where did I say that it fixed the
> problem?
>
> It does two things:
> 1. It makes a single avenue of attack ('the most obvious attack')
> impossible.

And leaves countless other "avenues of attack" possible. Does OpenBSD start applying half-assed fixes for countless other non-issues every time someone wants to gain recognition by pointing one out?

Here's one more. "It has been discovered that the superuser can delete the passwd file on an OpenBSD system by executing the rm(1) command when logged in." Should the "exploit" now be fixed by making sure that rm(1) doesn't take /etc/passwd as an argument if the command is issued by the root user and the real user is detected as having evil intent?

I know it's not apples to apples, but come on - you have to draw the line somewhere.

> 2. It shuts up the crowd who don't exactly like OpenBSD and/or
> don't understand what is at stake here.

Doing something just to appease the ignorant people who don't understand the problem has never been a good idea; why now?

DS