Subject: Re: *READ THIS* snapshot fixes security hole *READ THIS*
To: None <current-users@NetBSD.ORG>
From: David Carrel <carrel@cisco.com>
List: current-users
Date: 08/29/1995 16:51:06
Just because a program uses syslog() does not mean it's unsafe.  The
vulnerability comes when the program allows user-specified data to be
passed to syslog().  Let's not get caught up in the hype.

If you have patches for a bug or can point out a "real" vulnerability
that's new, then send them in.  But I keep hearing too many people saying
they're going to be cool, cuz they're about to do something.  Posers!

Dave