Marc Espie and Dirk at kde have acknowledged the security problem OpenBSD has with kde kgrantpty. The problem with /tmp/.X11-unix/X0 addressed by the 2003 paper on XFree86 still exists today with Xorg. If the rest of you fail to see the problem, even when the evidence is available to you on your respective systems, so be it.
On Tuesday 27 December 2005 14:56, Daniel Ouellet wrote: > Dave, > > I keep reading your emails and many answer to them as well. So far, > nothing is evidence or anything yet. Also, based on some of your latests > emails, look like the intruder is still coming back to your box still > and you reboot the KDE to kick him/here out. > > Look like you are saying there is a security problem, but yet you still > provide no details what so ever on your setup, what you do, what's > install, how he/she may get into, etc. > > If there is really a problem, then provide the informations, all of it. > If the intruder is still coming in, then the entry door is still open > then. So, I am not saying this should be done, but either provide all > the details, or may be even better if someone from the project want to > look at it as it is happening, then let them do so, if they want to > obviously. > > If there is any security problem in OpenBSD of any kind, I am sure many > developers would be all over it by now, but it doesn't look to me that > there is one, project related anyway, or if it is from some packages > provided by the project as well, I am sure they would love to know that > and address it! After all they live for that, way of speaking anyway! > > With all due respect to you and I intend no disrespect what so ever, it > really start to be annoying more then helping. Please provide details, > ALL of it so that better mind can look at it seriously and if there is a > problem, address it ASAP. Quite frankly, it is becoming clear to me that I'm better off to keep quiet about things I become aware of. And not just wrt computers. I'm perhaps relearning that lesson quite late in life. I was told in 7th Grade by an exasperated history teacher "you don't let people *know* that(what?) you know"! One of my survival skill perhaps? :-) > If instead you try to keep the informations for yourself, for what ever > reason, then so do it. But in all fairness what you do now is very much > annoying at best. Again, believe me, I mean no offense to you or anyone > else, but it is just how it is from my side. SO, if there is a real > problem, put it under the spotlight and let get it fix, or else. > > Just an idea and that was my first and last email on that one. > > Daniel Your comments are taken in the spirit in which they are offered. I'll try hard in the future to let sleeping dogs lay. Happy New Year, Dave -- Lose, v., experience a loss, get rid of, "lose the weight" Loose, adj., not tight, let go, free, "loose clothing"
