Subject: Re: OpenSSH Priv Sep and Remote Exploit?
To: Sean Davis <firstname.lastname@example.org>
From: Theo de Raadt <email@example.com>
Date: 06/24/2002 18:48:20
> I don't really care about a bug description. But I do feel that having a fix
> and not releasing it is a little irresponsible. It doesn't seem to me like too
> much to ask that the authors provide fixes to their software.
You are so entirely out of touch with reality. Less than 24 hours
after we produce a patch, there will be a public exploit. You'll see.
But we've got another patch. It's this big thing called privsep, and
it does not point a big arrow at the little exact bug.
But you don't understand. Wow the world has an overabundance of
entirely stupid people in it.