httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Date Fri, 28 Jul 1995 05:33:54 GMT
On Thu, 27 Jul 1995, Robert S. Thau wrote:
> Hmmm... if I understand the argument here, you're saying that server
> software which identifies its particulars may thereby advertise which
> holes it had.  Taken to the limit, one could argue that it's best not
> to say even what the server version is.

Perhaps, yeah.  However, the odds of there being a bug in a particular 
software program (say, apache), while not non-zero, are relatively less 
than there being a bug in some software package on some particular OS.  
The fact that one daemon could compromise information that could make 
another vulnerable seems like a bad thing.  

Again, I'm just playing Devil's Advocate here, and I won't veto a patch 
to implement this.  


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--  http://www.[hyperreal,organic].com/

View raw message