From owner-freebsd-security Fri Sep 29 15:52:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110])
    by hub.freebsd.org (Postfix) with ESMTP id 301E237B66D;
    Fri, 29 Sep 2000 15:52:11 -0700 (PDT)
Received: from p4f0i0 (user-2inigug.dialup.mindspring.com [165.121.67.208])
    by smtp6.mindspring.com (8.9.3/8.8.5) with SMTP id SAA11664;
    Fri, 29 Sep 2000 18:52:02 -0400 (EDT)
Message-ID: <002e01c02a68$00fe3900$d04379a5@p4f0i0>
From: "Jonathan M. Slivko"
To: "Roman Shterenzon" , "Kris Kennaway"
Cc:
References:
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Date: Fri, 29 Sep 2000 18:52:52 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Heh, pine is secure. or, so I think :P

[Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services]
[Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)]
[Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust" ]

----- Original Message -----
From: "Roman Shterenzon"
To: "Kris Kennaway"
Cc:
Sent: Friday, September 29, 2000 8:41 PM
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)

> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..
>
> On Fri, 29 Sep 2000, Kris Kennaway wrote:
>
> > It almost killed me to see this:
> >
> > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
> > 4299
> >
> > Don't use pine - I don't believe it is practical to make it secure. :-(
> >
> > Kris
> >
> > --
> > In God we Trust -- all others must submit an X.509 certificate.
> > -- Charles Forsythe
> >
> > ---------- Forwarded message ----------
> > Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
> > From: Kris Kennaway
> > To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
> > Subject: cvs commit: ports/mail/pine4 Makefile
> >
> > kris 2000/09/29 00:28:48 PDT
> >
> > Modified files:
> >   mail/pine4 Makefile
> > Log:
> >   Mark FORBIDDEN: known buffer overflows exploitable by remote email.
> >
> >   Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
> >   calls can possibly be safe - I don't expect to remove this FORBIDDEN
> >   tag any time soon. :-(
> >
> > Revision Changes Path
> > 1.43 +3 -1 ports/mail/pine4/Makefile
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
> --Roman Shterenzon, UNIX System Administrator and Consultant
> [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
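
Added example, not part of the thread and not FreeBSD or pine tooling: the find | xargs egrep | wc -l command quoted above reports one number of matching lines, which also picks up names such as vsprintf, mentions in comments, and non-source files. The script below counts call sites per function instead; the function names, the UNSAFE variable and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: count call sites per function instead
# of the single "matching lines" total that egrep | wc -l gives.

UNSAFE='sprintf|strcpy|strcat'   # the three functions named in the thread

# list_unsafe_calls DIR: one function name per call site in *.c / *.h files.
list_unsafe_calls() {
    # -exec ... {} + is safe with spaces in file names. \< keeps vsprintf
    # from counting as sprintf; requiring "(" skips mentions in comments;
    # -o reports every call on a line, not just the line once.
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -ohE "\\<($UNSAFE)[[:space:]]*\\(" {} + |
        grep -oE "$UNSAFE"
}

# count_unsafe_calls DIR: "<count> <function>" lines, highest count first.
count_unsafe_calls() {
    list_unsafe_calls "$1" | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# total_unsafe_calls DIR: total number of call sites.
total_unsafe_calls() {
    list_unsafe_calls "$1" | wc -l | tr -d ' '
}

# make_sample_tree: constructed test input (not pine source); prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    cat > "$d/my mail.c" <<'EOF'
void f(char *d, const char *s, int n) {
    strcpy(d, s); strcat(d, s); strcpy(d, s);   /* three calls, one line */
    strcpy (d, s);                              /* space before the paren */
    sprintf(d, "%s", s); sprintf(d, "%d", n);
    snprintf(d, 8, "%s", s);                    /* bounded: not counted */
    wsprintf(d, "%s", s);                       /* different function */
    /* never call sprintf or strcat here */
}
EOF
    printf 'strcpy(a, b);\n' > "$d/README.txt"  # not C source: ignored
    echo "$d"
}

# Usage: sh <this script> <source dir>
if [ $# -gt 0 ]; then count_unsafe_calls "$1"; fi
```

A per-function count is a triage aid for deciding where to review first; it says nothing about whether any individual call is actually bounded by its caller.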