From owner-freebsd-ports  Tue Aug  8  3:40:33 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from mail2.netcologne.de (mail2.netcologne.de [194.8.194.103])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4DAA437B840; Tue,  8 Aug 2000 03:39:55 -0700 (PDT)
	(envelope-from pherman@frenchfries.net)
Received: from bagabeedaboo.security.at12.de (dial-195-14-235-77.netcologne.de [195.14.235.77])
	by mail2.netcologne.de (8.9.3/8.9.3) with ESMTP id MAA05089;
	Tue, 8 Aug 2000 12:39:53 +0200 (MET DST)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by bagabeedaboo.security.at12.de (8.10.2/8.10.2) with ESMTP id e78Adhk02418;
	Tue, 8 Aug 2000 12:39:43 +0200 (CEST)
Date: Tue, 8 Aug 2000 12:39:43 +0200 (CEST)
From: Paul Herman <pherman@frenchfries.net>
To: Matt Heckaman <matt@ARPA.MAIL.NET>
Cc: Rick McGee <rickm@imbris.com>,
	FreeBSD-PORTS <freebsd-ports@FreeBSD.ORG>,
	FreeBSD-SECURITY <freebsd-security@FreeBSD.ORG>
Subject: Re: pine 4.21 port issues?
In-Reply-To: <Pine.BSF.4.21.0008080127370.87221-100000@epsilon.lucida.qc.ca>
Message-ID: <Pine.BSF.4.21.0008081235320.310-100000@bagabeedaboo.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 8 Aug 2000, Matt Heckaman wrote:

> Yes, I know what the sticky bit does :) The point is, that is NOT
> set on the directory by default in FreeBSD, nor is the directory
> world writable, so why is pine reporting this as a vulnerability?
> I know that it is not, but it's causing panic in my users.

I'm not 100% sure, but it looks like patch-aw tries to address this.

(I haven't tested it in 4.1-STABLE...)

-Paul.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message