From owner-freebsd-security Sun Apr 30 0: 1:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1]) by hub.freebsd.org (Postfix) with ESMTP id AF7F637B6AE; Sun, 30 Apr 2000 00:01:29 -0700 (PDT) (envelope-from ady@warpnet.ro) Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id KAA37115; Sun, 30 Apr 2000 10:04:08 +0300 (EEST) (envelope-from ady@warpnet.ro) Date: Sun, 30 Apr 2000 10:04:06 +0300 (EEST) From: Adrian Penisoara To: Kris Kennaway Cc: freebsd-security@FreeBSD.ORG Subject: Re: mail/imap-uw port: upgraded from 4.7b to 4.7c(1) [still 12.264] In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, On Sat, 29 Apr 2000, Kris Kennaway wrote: > On Sun, 30 Apr 2000, Adrian Penisoara wrote: > > > Hi, > > > > Could you please check out the new version committed yesterday ? > > Yeah, I will when I get the chance. THanks for the reminder :) > > > BTW, while we're at it: the port auditing folks should take a look at > > mlock sources (in imap-utils source tarball) -- it's a SGID executable! > > One would hope this is okay, given they imap-uw folks claim to have > performed a comprehensive audit on the set[ug]id parts of their code. Nope, they DON'T ! They just stated this is a sample locking utility with minimal auditing... from what I recall from the first time I included mlock in the port. > > Kris > Thanks, Ady (@freebsd.ady.ro) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message