Date: Tue, 22 Feb 2000 15:46:49 +0900
From: Masafumi NAKANE <max@wide.ad.jp>
To: imp@village.org
Cc: 3APA3A@SECURITY.NNOV.RU, kris@hub.freebsd.org, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject: Re: Re[2]: delegate buffer overflow (ports)
Message-ID: <s99hff14tuv.wl@bourbon.sfc.wide.ad.jp>
In-Reply-To: In your message of "Fri, 28 Jan 2000 18:24:55 -0700" <200001290124.SAA65757@harmony.village.org>
References: <18578.000128@sandy.ru> <200001280936.CAA60674@harmony.village.org> <200001290124.SAA65757@harmony.village.org>

Hi,

I finally got some time to sit down and look at the issue closely.
I agree the source of the DeleGate isn't really secure.

Here's my proposal.

1. Define NO_PACKAGE so that the CD-ROM and the FTP won't include
   the package. And this will require the users to do
   ``make install'' if they want to use DeleGate on their machines.

2. When a user simply types ``make'' or ``make install'' or whatever,
   show something like:

**********************************************************************
*                WARNING! WARNING! WARNING! WARNING!                 *
* This program has known security problems.                          *
* It is strongly recommended that you do not use this program.       *
*                                                                    *
* If you would like to use this program despite the danger,          *
* run make with ``FORCE_BUILD=YES''.                                 *
**********************************************************************

3. If a user runs make with ``FORCE_BUILD=YES'', build/install the
   program with some security warning at the pre-build time as well
   as post-install time.

What do people think?

Cheers,
Max

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message