Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!news.maxwell.syr.edu!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!panix!news.panix.com!not-for-mail From: tls@panix.com (Thor Lancelot Simon) Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix Subject: Careless integration of others' code (WAS Re: Why no addusr?) Date: 15 Feb 1997 22:40:59 -0500 Organization: Panix Lines: 35 Message-ID: <5e5vkb$d89@panix2.panix.com> References: <none-ya023480001912962244220001@news.infi.net> <DERAADT.97Feb14205132@zeus.pacifier.com> <5e52dj$c8p@news.bayarea.net> <DERAADT.97Feb15155022@zeus.pacifier.com> Reply-To: tls@rek.tjls.com NNTP-Posting-Host: panix2.panix.com Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5380 comp.security.unix:31763 In article <DERAADT.97Feb15155022@zeus.pacifier.com>, Theo de Raadt <deraadt@theos.com> wrote: >In article <5e52dj$c8p@news.bayarea.net> thorpej@baygate.bayarea.net (Jason R. Thorpe) writes: > > >Instead your project has developers that put #ifndef __OpenBSD__ into > >NetBSD source files so the FREE code, when merged into another system > >which happens to #define __OpenBSD__ will experience machine resets, > >right? (Hint to those who are curious, go get an alpha locore.S from > >January or so.) > > Well, the only suggestion I can offer is that you are more careful when > integrating code in the future. > >More careful, oh. > >Here is the file. > >The key is to search down to __OpenBSD__. I don't know much alpha >assembly either, but I think someone can guess that this might be >nasty. Let me get this straight: You hold OpenBSD up as a paragon of security, and yet integrate critical pieces of code such as locore.s without even reading them?! I hate to think just what might be lurking in all those FSF tools that OpenBSD ships wholesale, unmodified. Or any of the other myriad new code that OpenBSD has integrated from any number of external sources? -- This space not left unintentionally unblank. tls@rek.tjls.com $OpenBSD: locore.s,v 1.5 1996/10/30: Blindly integrating source code, $OpenBSD: locore.s,v 1.7 1997/01/24: so you can lose for 8 weeks. "Sleep tight."