LinuxQuestions.org - suggestion

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - suggestion (https://www.linuxquestions.org/questions/linux-security-4/suggestion-128293/)

maybe you guys should take away the forum description that mentions "exploits", since obviously you dont want anyting regarding them posted. it kinda gives the wrong impression when it clearly says
"This forum is for all security related questions.
Questions, tips, exploits, firewalls, etc. are all included here."

Since we do not want to help people with coding their own or fixing others, we probably should. Thanks for noting it.

Given that most of the input here is about exploits is about "how to avoid" or "how to fix" exploits, I don't think that there is a problem mentioning them. Besides, almost anyone who asks "how to take advantage of" or "how to create" one get quickly reminded otherwise. There's nothing wrong with the word "exploit". It's all in how the community offers input. That's like saying that you don't want to mention virii because somebody might be attempting to write one. I would hope that it would be obvious that people who ask those types of questions would realize that this is not the place to go.

infamous41md,

Thanks for the suggestion. Removing exploits is probably more inline with what we'd like discussed here. On unSpawn's suggestion I have updated it to "system compromises".

--jeremy

Quote:

Originally posted by stickman
Given that most of the input here is about exploits is about "how to avoid" or "how to fix" exploits, I don't think that there is a problem mentioning them. Besides, almost anyone who asks "how to take advantage of" or "how to create" one get quickly reminded otherwise. There's nothing wrong with the word "exploit". It's all in how the community offers input. That's like saying that you don't want to mention virii because somebody might be attempting to write one. I would hope that it would be obvious that people who ask those types of questions would realize that this is not the place to go.

well, no. im a programmer, and i write exploits, and a few weeks ago i was trying to figure out where the bof was in the recent sendmail vulnerability(which nobody seems to have found yet). anyhow, i came and posted in here merely asking if anyone else had been workin on it, and asked them to IM me if they wanted to work on it with me. my post was deleted and i was warned. so i thought it would make sense to be clearer about the rules.

unspawn, jeremy << thanks :)

asked them to IM me if they wanted to work on it with me. my post was deleted and i was warned.
No, your post was closed, big difference. We had a short email conversation about this and I redirected you to the "proper" channels for this, SF, full disclosure and bugtraq mailinglist, like that. LQ just ain't the place for FD and help *with* exploits.

so i thought it would make sense to be clearer about the rules.
Yes, you're right and I appreciate you offered the suggestion.

BTW, did you get your BO going with mailinglist help or?

no apparently nobody can find(or wants to share yet) where it even is. i mean, i was kinda pissed b/c usually its not that hard once you've read the advisory. they even tell you what function it's in, but i cant' figure it out for the life of me. i spent an entire day analyzing that function and couldnt find squat.
http://www.securityfocus.com/bid/8641/info/ there is the advisory.

edit: i see that a patch was released(new version) so maybe i'll give it a shot again; should be easier now having that.