From owner-freebsd-ports  Mon Sep 20 18:47:24 1999
Delivered-To: freebsd-ports@freebsd.org
Received: from diana.infonets.hiroshima-u.ac.jp (diana.infonets.hiroshima-u.ac.jp [133.41.33.53])
	by hub.freebsd.org (Postfix) with ESMTP id A1D4714C2E
	for <ports@freebsd.org>; Mon, 20 Sep 1999 18:47:19 -0700 (PDT)
	(envelope-from taoka@infonets.hiroshima-u.ac.jp)
Received: from peg.infonets.hiroshima-u.ac.jp (peg.infonets.hiroshima-u.ac.jp [133.41.33.64])
	by diana.infonets.hiroshima-u.ac.jp (8.9.3/3.7W) with ESMTP id KAA76650
	for <ports@freebsd.org>; Tue, 21 Sep 1999 10:49:11 +0900 (JST)
Received: from localhost (localhost [127.0.0.1]) by peg.infonets.hiroshima-u.ac.jp (8.9.3/3.6W) with ESMTP
	id KAA48574 for <ports@freebsd.org>; Tue, 21 Sep 1999 10:47:17 +0900 (JST)
To: ports@freebsd.org
Subject: Re: ports/13809: new port: sysutils/wmbattery
From: TAOKA Satoshi <taoka@infonets.hiroshima-u.ac.jp>
In-Reply-To: <XFMail.990920162040.andrews@TECHNOLOGIST.COM>
References: <Pine.BSF.4.10.9909201135020.26241-100000@hub.freebsd.org>
	<XFMail.990920162040.andrews@TECHNOLOGIST.COM>
X-Mailer: Mew version 1.94 on XEmacs 21.1 (Big Bend)
X-Prom-Mew: Prom-Mew 1.93.4 (procmail reader for Mew)
X-URL: http://www.infonets.hiroshima-u.ac.jp/~taoka/
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19990921104717Q.taoka@infonets.hiroshima-u.ac.jp>
Date: Tue, 21 Sep 1999 10:47:17 +0900
X-Dispatcher: imput version 990905(IM130)
Lines: 25
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



> >> I think wmbattery had better be set gid (to operator).
> I agree.. I inadvertently forgot to add that part..

OK.

> > Better make sure it's secure - many of these wm* utilities share a common
> > heritage, and at least one (wmmon) contained buffer overflows from
> > command-line arguments, and even processed arbitrary shell commands in a
> > dotfile as the setuid user. :-(
> 
> Well.. not much I can do about it right now since I don't even know what
> programming habits/mistakes lead to buffer overflows.. meaning I can't look for
> buffer overflows in wmbattery.

I don't understand, too.

By the way, I apply a secure-patch, wmapm/patches/patch-ab, to wmapm.
wmapm can suspend or resume the PC. And wmapm is set gid. The above
patch avoids to suspend or resume if the user dose not belong to the
group, operater. wmapm, however, can monitor Battery. :-)


S.TAOKA


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message