[rsbac] Re: rsbac 1.2.3
Michal Purzynski
albeiro at zeus.polsl.gliwice.pl
Tue Jun 29 15:09:33 CEST 2004
> No, not that there might be some, but that there ARE (and still are)
> several. I gave them the code to find these *vulnerabilities* even with
> instructions on how to modify it to test with RSBAC. What the else do
> you want? You want me to fix your vulnerabilities too?
>
brad, what is your point ? you have said that you have found bugs in rsbac
jail module that make possible to excecute code outside the jail. woried
about it i asked you for details. you have answered me that you will not
tell me anything more. what you did was exactly: claiming that there are
bugs and giving idea about using your regresion suite to test rsbac_jail()
because you have not reveal how it was modyfied we ad done it on our own.
using this test and our _brains_ we have found some problems with
rsbac_jail() and fixed it. now you claim again hearing that this bugs
were fixed. well, you did not say anything more important that they are in
jail module, so why should you be credited ? i was reding jail code and
writing down what i have found bad in it, later Amon has fixed it. what is
more, that is your point of view, is not it ? you hae said few times, that
we have to find this bugs myself. so we did. yes, your code has been used.
yes, it has been removed now.
> Again, as seen from above, I did more than my share to report these
> holes. If i had not, how would you have found them? Are you also
by reading code brad, by reding code. like any casual hacker.
> claimining to have not found them by using my code?
where did we claim ?
> Just because you
> don't like someone's method of reporting vulnerabilities doesn't give
> you the right to be a jackass. In fact, I had even discussed the
> vulnerabilities in explicit terms on IRC with albeiro.
we were discussing it in a very limited manner. you did not give any
details. not even told how much bugs have you found or which way could i
verify it. i had to read code and test with regresion suite. later has
been removed.
> It's hilarious
> to me when I discover multiple vulnerabilities in someone's system and
> they still think I'm lying about there being additional holes.
like is for me when somebody said he discovered holes and did not nityfied
its author. send info to Amon Ott.
Albeiro
More information about the rsbac
mailing list