Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: Apache Exploit Code
  • From: pinard@xxxxxxxxxxxxxxxx (François Pinard)
  • Date: 20 Jun 2002 10:51:08 -0400
  • Message-id: <oq8z5am2ar.fsf@xxxxxxxxxxxxxxxxxxxxxxx>
[Keith Winston]

> Why would you need exploit code? Just download the patch and apply.

An exploit code could be used to check 1) if the bug existed prior to the
patch and 2) if the patch corrects the problem.

Saying "blindly apply the patch" is probably sufficient for many of us,
me included. But in the spirit of free source code, people might want
to study and check themselves. That's only healthy in my opinion.

Of course, villains might want the exploit code for other reasons :-)

> It appears from the content of your post and your l33t h4ck3r name at
> that you are a lazy script kiddie.

Highly suspicious indeed!

François Pinard

< Previous Next >