Date: Sat, 30 Sep 2000 02:41:30 +0200 (IST)
From: Roman Shterenzon <roman@xpert.com>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>
In-Reply-To: <Pine.BSF.4.21.0009290030170.63575-100000@freefall.freebsd.org>

Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
Mutt on the other hand has sgid binary installed..

On Fri, 29 Sep 2000, Kris Kennaway wrote:

> It almost killed me to see this:
>
> mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
>     4299
>
> Don't use pine - I don't believe it is practical to make it secure. :-(
>
> Kris
>
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>
>
> ---------- Forwarded message ----------
> Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
> From: Kris Kennaway <kris@FreeBSD.org>
> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
> Subject: cvs commit: ports/mail/pine4 Makefile
>
> kris        2000/09/29 00:28:48 PDT
>
>   Modified files:
>     mail/pine4           Makefile
>   Log:
>   Mark FORBIDDEN: known buffer overflows exploitable by remote email.
>
>   Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
>   calls can possibly be safe - I don't expect to remove this FORBIDDEN
>   tag any time soon. :-(
>
>   Revision  Changes    Path
>   1.43      +3 -1      ports/mail/pine4/Makefile
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message