From owner-freebsd-security  Wed Jan 10 17:23:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from daedalus.cs.brandeis.edu (daedalus.cs.brandeis.edu [129.64.3.179])
	by hub.freebsd.org (Postfix) with ESMTP id 6AFE137B400
	for <security@FreeBSD.ORG>; Wed, 10 Jan 2001 17:23:34 -0800 (PST)
Received: from localhost (meshko@localhost)
	by daedalus.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id UAA20349;
	Wed, 10 Jan 2001 20:23:27 -0500
Date: Wed, 10 Jan 2001 20:23:27 -0500 (EST)
From: Mikhail Kruk <meshko@cs.brandeis.edu>
To: Trevor Johnson <trevor@jpj.net>
Cc: Jason DiCioccio <Jason.DiCioccio@Epylon.com>,
	<security@FreeBSD.ORG>, Berend de Boer <berend@pobox.com>
Subject: RE: CERT advisory:  "Interbase Server Contains Compiled-in Back D
 oor Account"
In-Reply-To: <Pine.BSI.4.30.0101102004020.20643-100000@blues.jpj.net>
Message-ID: <Pine.LNX.4.30.0101102022150.20113-100000@daedalus.cs.brandeis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> The backdoor is not documented in the pkg-descr file for the port.  If the
> port is not fixed or forbidden, and it has the backdoor, the fact should
> at least be documented there.

I don't see how such a backdoor can be left in the package, even if there
is a warning in pkg_descr.
This is a potential remote exploit after all.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message