by redmail.netbsd.org with SMTP; 16 Feb 2000 16:34:42 -0000
	by reddwarf.rightnowtech.com (8.8.8/8.8.8) id JAA02531;
	Wed, 16 Feb 2000 09:31:14 -0700 (MST)
To: Daniel Carosone <dan@geek.com.au>
Cc: tech-security@netbsd.org
Subject: Re: NetBSD Security Advisory 2000-001
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <14506.26233.23859.399366@passion.geek.com.au>
From: Chris Jones <chris@cjones.org>
Date: 16 Feb 2000 09:31:13 -0700
In-Reply-To: Daniel Carosone's message of "Wed, 16 Feb 2000 20:03:17 +1100 (EST)"
Message-ID: <x67lg5p0ry.fsf@reddwarf.rightnowtech.com>
Lines: 23
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.5
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Daniel Carosone <dan@geek.com.au> writes:

> Philosophical discussions aside, let's return for a moment to the
> original question..

[...]

> Specifically in the case of someone who cannot patch or upgrade ust
> yet, are they still vulnerable via user mounts?
> 
> It's a very good question, and one for which I'd like an authoritative 
> answer so I can adjust the SA as needed. Any takers, please?

I'd volunteer, but I won't have time to test it until Thursday
evening.

Chris

-- 
-----------------------------------------------------chris@cjones.org
Chris Jones                                          cjones@honors.montana.edu
           Mad scientist at large
"Is this going to be a stand-up programming session, sir, or another bug hunt?"