On Jan 3, 2008 3:14 AM, Christoph Cordes <[EMAIL PROTECTED]> wrote:
> Don't try to bend my words in a way you can make use of them. I did
> not say you're evil or mean. All i said is that your ego gets pushed
> by seeing your nick on the FD list. That's not even selfish and for
> sure not evil or mean - it's just your way to get a kick - others
> jump from bridges with a rope around the leg. I don't have to like
> it, but i understand the motivation. The point were things get
> complicated is your obviously personal attack against people that
> have a opposite opinion. This is not an acceptable way to discuss
> things in a public forum.
Boy, you really have serious issues.
> > "pwning the shit" is merely the ironic exaggeration of the bad
> > security record of ClamAV in the last 2 to 3 years.
>
> Nice excuse. But failed. I look at your mail address, i see the
> subject - irony is a fine art - and we are both no artists.
Since you are German, you obviously have no idea about irony.
> There are enough ways of disclosure without the risk of being sued or
> abused. but this usually comes with the disadvantage of anonymity -
> But that's usually not a problem for people who care about security
> and not about credits.
I'm already using a pseudonym, so what's your point?
> > BTW, I never claimed that the issues that we found are severe (I find
> > the severity scores incl. their subscores in CVE-2007-659{5,6} to
> > match pretty well). At least I don't deny that there's a bunch of
> > locally exploitable vulnerabilities in ClamAV, and if I had access to
> > the SVN repository, I would commit the (trivial) fixes to it, instead
> > of asserting that the described vulnerabilities aren't a problem
> > without fully understanding the implications of symlink races (the
> > flamebait subject says it all).
>
> So what's the point? You started flaming right after Tomasz declared
> the reported issues as minor.
No, I started flaming when Tomasz started claiming utter bullshit,
like the SUID/SGID statement. I mean, how ridiculous is that? When he
dismissed a symlink attack as non-existent because sigtool isn't
installed as SUID/SGID binary, it was absolutely clear that he doesn't
have the slightest fucking clue what's going on.
> >> Thanks for reporting the bugs.
> >
> > You meant vulnerabilities.
>
> No, don't try to tell me what i mean. I wrote "bugs" and not only
> because the word is easier to spell.
Ah, that "it's not a vulnerability" denial again. :-)
Regards,
Rofl as in Lek
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
