[syslog-ng]syslog-ng crash
Gregor Binder
gb@rootnexus.net
Fri, 1 Feb 2002 21:28:43 +0100
William D. Colburn (aka Schlake) on Fri, Feb 01, 2002 at 12:58:57PM -0700:
William,
> Normally I would disclose the crash to the list, but if no fix will be
> forthcoming I am afraid too let other people know how to down a server.
>
> Does anyone know if the author is still available, or if I should dig
> into the code to generate a patch on my own before releasing this
> information?
I strongly suggest you publish this problem to this list, or, if it is
relevant enough, to the security-lists (vuln-dev, bugtraq, whatever you
see fits).
The security community agrees that security issues should be published
within a certain amount of time, to allow people to think about counter-
measures of any kind or at least *know* that they are vulnerable ... see
http://www.securityfocus.com/ and look for the full disclosure policy.
Chances are, if you could figure out the problem exists, somebody
malicious could too ... besides that, I believe Balasz is back from the
hospital anyway?
Regards,
--
____ ____
/ _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B