Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 30 Mar 2000 10:02:48 -0500
From:      Alan Clegg <abc@firehouse.net>
To:        tyson@stanfordalumni.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Lynx forbidden
Message-ID:  <20000330100248.L3459@laptop.firehouse.net>
In-Reply-To: <200003301452.JAA08782@radagast.wizard.net>; from tyson@stanfordalumni.org on Thu, Mar 30, 2000 at 09:52:12AM -0500
References:  <200003301452.JAA08782@radagast.wizard.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--L/bWm/e7/ricERqM
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Out of the ether, tyson@stanfordalumni.org spewed forth the following bitst=
ream:
> I must be missing something obvious here.  The LYNX port is
> marked ``forbidden'' because of its vulnerability to
> buffer overflow exploits;  we have seen the security
> advisory, and the port's make file refuses to build.

[...]

> It seems to me that the better course would be to allow
> those who wish to go ahead and install it and take their=20
> chances.

You can.  Just comment out the:

FORBIDDEN=3D      "Riddled with buffer overflows exploitable by a malicious=
 server
 to execute code as the local user."

line in /usr/ports/www/lynx/Makefile and go for it.

Next time you cvsup, it will re-protect you from lynx, but no big deal.

AlanC

--L/bWm/e7/ricERqM
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: vvGv8XfanVpnfgN4JzcaVKAswMSRcu3D

iQA/AwUBOONsmPcyv/gweBpYEQIDuwCg41DQ+Q1bFGxKp7iCHkhD+sZ4lVoAn1uh
h/B+0OjTct+PIgs/oIz7C4jE
=B/jD
-----END PGP SIGNATURE-----

--L/bWm/e7/ricERqM--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000330100248.L3459>