Date: Fri, 21 Apr 2000 14:39:44 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Otterley <otterley@attrition.dynamine.net> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Robert Watson <rwatson@FreeBSD.ORG>, "Michael S. Fischer" <michael@dynamine.net>, security@FreeBSD.ORG Subject: Re: Fw: Re: imapd4r1 v12.264 (fwd) Message-ID: <Pine.BSF.4.21.0004211437250.40444-100000@freefall.freebsd.org> In-Reply-To: <Pine.LNX.4.10.10004191014020.2997-100000@attrition.dynamine.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Apr 2000, Otterley wrote:
> No! Please no! Unless you can offer a viable alternative (NOT Cyrus,
> thank you very much), please do not remove it. I'd much prefer a patch.
Given that two vulnerabilities have already been found, and the author has
not seen fit to release a patch to address them, I don't think this is
going to be forthcoming - there are probably going to be a lot of other
bugs discovered here, if the past history of the imap-uw port
is any indication.
Basically, the bottom line is that imap-uw is not safe to use in an
environment where you have users who you don't want to have shell access
to your machine, but unfortunately there isn't much in the way of
alternatives.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004211437250.40444-100000>