Hi,
Johannes Wiedersich wrote:
> Rene Engelhard wrote:
> > [ please stop sending me duplicate mails, nnnn bugs.debian.org goes to the maintainer,
> > which is debian-openofficelists.debian.org, which I
am obviously subscribed to ]
>
> Have I misunderstood your first reply to my report or
should that
> terrible e-mail-address be immediately changed, to
avoid confusion among
> innocent users about the valued differences between
OOo, OpenOffice.org,
> and plain openoffice?
Historical reasons again. Hard to cchange now, as it would
need a new
mailing list, transitioning to t he new one (means: changing
all
Maintainer:'s of all packages, etc.)
Too much hassle.
> > openoffice? probably not. There's no openoffice,
neither in Debian or
> > anywhere...
>
> 
Still true. There is no openoffice *package*.
Iam very well aware that the ML is called -openoffice and
the
description bogusly says OpenOffice.
> Well I do try my best, I think you do the same. But
from your replies I
> got the impression that it's my English that is not
understood.
No. You asked about my "Proof?" so you obviously
didn't understand that
I asked for a proof.
> > You might call it a DOS, but even then it only
happens when your nfs has problems
> > (be it statd not running like in the cases before
or now with your portmap/firwall combo).
> > If someone else than you broke that you have far
other problems, even if that would cause
> > a DOS for OOo.
>
> Well since I didn't touch the configuration, I see two
possibilities
> that might have caused the problems:
> - my box has been compromised (either my fault or a
security hole being
> exploited)
> - there is an additional bug in either portmap or
firestarter
>
> I understood your 'quod erat demonstrandum', that you
have proof that
> the problem is on my side. Please try to phrase your
English and Latin
> in a way that people don't get insulted.
Wasn't meant so. You understood the qed perfectly right. The
problem
(nfs broken) was somewhere on your/your servers/whetever
side.
Of course, OOo shouldn't hang.
We agree there.
I really think you don't understand *my* english.
I didn't say anything directly on your configuration,
neither did I say
you were compromised.
What I was opposing in the last mail was you saying that
this is
probably a security hole, which it is not. It probably could
be
classified as a DOS, but as said, if the person wanting to
DOS OOo with
that way and (s)he got that far you already have lost anyway
because
(sh)e would need root anyway to fiddle with
statd/lockd/whatever and at
that point you have lost anyway and have better things to do
than caring
about OOo.
Anyway, I consider this discussion ended. Summary_
a) *cause* of the bug was your nfs not working properly
because your
firewall/portmap broke
b) yes, it's a bug in OOo that it hangs, but that's the
*symptom*
I never said that it wasn't a bug in OOo
c) this is not a security bug as you claimed. And it's
neither is a DOS
because when people are able to DOS OOO that way you have
already a
far serious problem since the attacker already has root
somewhere.
Gr??e/Regards,
Ren?
--
.''`. Ren? Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.
org/~rene/
`. `' renedebian.org | GnuPG-Key ID: 248AEB73
`- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859
90B0 248A EB73
|