Date: Fri, 29 Sep 2000 18:52:52 -0400 From: "Jonathan M. Slivko" <jmslivko@mindspring.com> To: "Roman Shterenzon" <roman@xpert.com>, "Kris Kennaway" <kris@FreeBSD.org> Cc: <security@FreeBSD.org> Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <002e01c02a68$00fe3900$d04379a5@p4f0i0> References: <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Heh, pine is secure. or, so I think :P [Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services] [Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)] [Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust" ] ----- Original Message ----- From: "Roman Shterenzon" <roman@xpert.com> To: "Kris Kennaway" <kris@FreeBSD.org> Cc: <security@freebsd.org> Sent: Friday, September 29, 2000 8:41 PM Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) > Perhaps I'll move to mutt, the same command gives only 92 occurrences :) > Mutt on the other hand has sgid binary installed.. > > On Fri, 29 Sep 2000, Kris Kennaway wrote: > > > It almost killed me to see this: > > > > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l > > 4299 > > > > Don't use pine - I don't believe it is practical to make it secure. :-( > > > > Kris > > > > -- > > In God we Trust -- all others must submit an X.509 certificate. > > -- Charles Forsythe <forsythe@alum.mit.edu> > > > > ---------- Forwarded message ---------- > > Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT) > > From: Kris Kennaway <kris@FreeBSD.org> > > To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org > > Subject: cvs commit: ports/mail/pine4 Makefile > > > > kris 2000/09/29 00:28:48 PDT > > > > Modified files: > > mail/pine4 Makefile > > Log: > > Mark FORBIDDEN: known buffer overflows exploitable by remote email. > > > > Parenthetically, no software which uses 4299 sprintf/strcpy/strcat > > calls can possibly be safe - I don't expect to remove this FORBIDDEN > > tag any time soon. :-( > > > > Revision Changes Path > > 1.43 +3 -1 ports/mail/pine4/Makefile > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002e01c02a68$00fe3900$d04379a5>