From owner-freebsd-questions Thu Mar 30 8:33:15 2000 Delivered-To: freebsd-questions@freebsd.org Received: from smtp.datacomm.ch (smtp.datacomm.ch [212.40.5.52]) by hub.freebsd.org (Postfix) with ESMTP id 3F81E37B820 for ; Thu, 30 Mar 2000 08:33:09 -0800 (PST) (envelope-from benlutz@datacomm.ch) Received: from lutz (line713-zuerich.datacomm.ch [212.254.11.13]) by smtp.datacomm.ch (8.9.3/8.9.3) with ESMTP id SAA03939 for ; Thu, 30 Mar 2000 18:32:58 +0200 From: "Benjamin Lutz" To: Subject: RE: Lynx forbidden Date: Thu, 30 Mar 2000 18:31:53 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <200003301605.LAA20134@radagast.wizard.net> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Well, I still have a question though: Why was Lynx marked "forbidden" at all, leading to misunderstandings? Or the standard unix user expected to be able to do this basic kind of "hacking"? Have a lot of fun, Ben >>> I must be missing something obvious here. The LYNX port is >>> marked ``forbidden'' because of its vulnerability to >>> buffer overflow exploits; we have seen the security >>> advisory, and the port's make file refuses to build. >> >> [...] >> >>> It seems to me that the better course would be to allow >>> those who wish to go ahead and install it and take their=20 >>> chances. >> >> You can. Just comment out the: >> >> FORBIDDEN=3D "Riddled with buffer overflows exploitable by a malicious= >> server >> to execute code as the local user." >> >> line in /usr/ports/www/lynx/Makefile and go for it. >> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message