Subject: Re: Re: lib/30923
To: Zafer Aydogan <email@example.com>
From: Rui Paulo <rpaulo@NetBSD.org>
Date: 08/25/2005 13:26:29
Content-Type: text/plain; charset=us-ascii
On 2005.08.25 11:00:54 +0000, Zafer Aydogan wrote:
| > I think the thread was all about the output message and the "secure" po=
| > of view of it. While I don't care much about the message printed, someo=
| > may want that as an option.
| Rui, you don't seem to get it. A Message is printed by syslog on the
| console. The Message that should be removed is on the remote end.
| That is a security issue! The patch closes this hole. Please commit it.
| I don't get why you make a big fuzz about this.=20
| Check Free- and OpenBSD or Linux if you think they handle this different.
| They don't. Aslong this is a security issue they definitely don't !
This is not a security issue from my POV. What I want is an option to
change the behaviour. That's all.
-- Rui Paulo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
-----END PGP SIGNATURE-----