*** From dhcp-server -- To unsubscribe, see the end of this message. ***
In a message dated: Thu, 01 Jul 1999 16:15:17 EDT
Ted Lemon said:
>Dude, if there were known ways of doing this, I'd have fixed them!
>:')
Okay, that's cool, I can live with that :)
>I don't think anybody's done an audit specifically looking for
>vulnerabilities of this type, so if I were in your Doc Martins, I'd
>suggest doing one before you deploy something like this. I don't know
>of a problem, and I've made sincere and concerted efforts to avoid
>such problems, but I'd hate to see you assume there are none and then
>be painfully surprised later on.
Well, for the most part if my users crash their system because of stupity, I
don't much care :) On the other hand, if they were to gain root access on one
of those systems because they discovered some flaw in the dhcp server, then I
might be a little concerned. Of course, once I found out about it, I'd write
a quick check in the startup script to grep out that line, and
fail to start the server. Of course, I'd first mail the offending config file
to this list, then go hack the startup script :)
For the most part, I'm not too worried about my users intentionally looking
for this type of hole, they have much better things to do, and most aren't
bright enough to write their own .emacs files, never mind find a
buffer-overflow problem :)
Thanks a lot.
--
Seeya,
Paul
----
Please reply to [EMAIL PROTECTED] The corp sendmail people insist on
rewriting outgoing mail (including Reply-to: headers!) to send to
'@nortelnetworks.com' which we keep telling them is quite broken, but they
don't listen :)
Broadband Technology Division - Bay Networks (now a Nortel Company, Eh? :)
If you're not having fun, you're not doing it right!
------------------------------------------------------------------------------
To unsubscribe from this list, visit: http://www.isc.org/dhcp-lists.html
-*-
If you are without web access, or if you are having trouble with the web page,
please send mail to [EMAIL PROTECTED] with the subject line of
'unsubscribe'.
------------------------------------------------------------------------------
