From: 1st Vamp
Date: Sat, 4 Nov 2000 20:59:37 -0000
To: freebsd-security@freebsd.org
Subject: Re: pine 4.30 improvements

Not quite OT, but related, I was wondering if anyone had any info on the
security of the Nano port?

- Vamp

: Although the port hasn't been updated yet, I thought some people might be
: interested in what changed from pine 4.21 to 4.30 (security-wise.)
:
: In short, they've tried to make it more secure, but aren't quite there
: yet.
:
: Many more cases of bounds checking of strings have appeared, although it's
: not yet perfect. At current, they're limiting themselves by not using
: snprintf/strlcpy/strlcat, so auditing whether the code is safe is still a
: very difficult job.
:
: However, if they keep moving in this direction, it seems likely that pine
: will be able to be considered safe within a release or two.
:
: Mike "Silby" Silbersack
:
: To Unsubscribe: send mail to majordomo@FreeBSD.org
: with "unsubscribe freebsd-security" in the body of the message
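
Added example, not part of the original thread and not taken from pine's source: the quoted point about auditability, shown as the same path join written with hand-computed bounds around strcpy/strcat and with snprintf, plus a boundary probe that checks both at the exact-fit edge. All function names are hypothetical and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from pine's source. */

/* Style 1: hand-written length arithmetic around strcpy/strcat.
 * Safe only while `need` counts both the '/' and the trailing NUL;
 * an auditor has to re-derive that sum at every call site. */
int join_manual(char *dst, size_t dstsz, const char *dir, const char *name)
{
    size_t need = strlen(dir) + 1 + strlen(name) + 1;
    if (need > dstsz)
        return -1;
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, name);
    return 0;
}

/* Style 2: snprintf takes the buffer size and reports truncation itself. */
int join_snprintf(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

typedef int (*join_fn)(char *, size_t, const char *, const char *);

/* Boundary probe: returns 1 if fn accepts an exact fit, rejects input one
 * byte too long, and never touches the guard byte placed after the buffer. */
int boundary_ok(join_fn fn)
{
    char buf[9] = {0};           /* 8 usable bytes + 1 guard byte */
    int ok = 1;
    buf[8] = 0x5A;
    ok &= fn(buf, 8, "abc", "def") == 0;      /* 3 + '/' + 3 + NUL = 8 */
    ok &= strcmp(buf, "abc/def") == 0;
    ok &= fn(buf, 8, "abc", "defg") == -1;    /* needs 9 bytes */
    ok &= buf[8] == 0x5A;
    return ok;
}

int main(void)
{
    printf("manual:   %d\n", boundary_ok(join_manual));
    printf("snprintf: %d\n", boundary_ok(join_snprintf));
    return 0;
}
```

Both versions pass the probe; the difference is that the snprintf call states its bound in one place, while the manual version is correct only as long as the length sum stays in step with the copies below it.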