From owner-cvs-all  Mon Oct  2 20: 9:33 2000
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9AAC537B502; Mon,  2 Oct 2000 20:09:30 -0700 (PDT)
Received: (from kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id UAA16589;
	Mon, 2 Oct 2000 20:09:30 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Date: Mon, 2 Oct 2000 20:09:30 -0700
From: Kris Kennaway <kris@FreeBSD.org>
To: Brian Somers <brian@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001002200930.A8315@freefall.freebsd.org>
References: <200010022227.PAA62603@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010022227.PAA62603@freefall.freebsd.org>; from brian@FreeBSD.org on Mon, Oct 02, 2000 at 03:27:34PM -0700
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Oct 02, 2000 at 03:27:34PM -0700, Brian Somers wrote:
> brian       2000/10/02 15:27:34 PDT
> 
>   Modified files:
>     usr.bin/finger       finger.c 
>   Log:
>   Don't allow finger /somefile, only allow filname expansions from
>   inside /etc/finger.conf

I hope this demonstrates to all committers the need for code review of
patches which affect network or trusted application behaviour..this is
very embarrassing.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message