Date: Sat, 08 Jun 2002 15:12:39 -0700
From: Doug Barton <DougB@FreeBSD.org>
To: Roger Marquis <marquis@roble.com>
Cc: security@FreeBSD.ORG
Subject: Re: Pine 4.44 Privacy Patch
Message-ID: <3D028157.28F86BD7@FreeBSD.org>
References: <20020607151320.C46348-100000@roble.com>

Roger Marquis wrote:
>
> Problem description:
>
> The Pine email client allows users to define the "From:"
> address independent of their Unix username. This is an
> indispensable feature for help desks and other role accounts.
>
> Unfortunately, user names and/or ids can still be leaked due to
> Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
> versions earlier than 4.44 may also insert the Unix username
> into other envelope and header fields.

I've reviewed that patch, and I don't like it for a few reasons. Not the
least of which is that it is less than complete, and may give the user a
false sense of "security."
--
"We have known freedom's price. We have shown freedom's power.
And in this great conflict, ... we will see freedom's victory."
- George W. Bush, President of the United States
State of the Union, January 28, 2002
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D028157.28F86BD7>
