Date: Sat, 4 Nov 2000 20:59:37 -0000 From: **1st Vamp** <wes@pmason.karoo.co.uk> To: freebsd-security@freebsd.org Subject: Re: pine 4.30 improvements Message-ID: <E13sASl-0000rI-00@smtpout.kingston-internet.net>
next in thread | raw e-mail | index | archive | help
Not quite OT, but related, I was wondering if anyone had any info on the security of the Nano port? - Vamp : Although the port hasn't been updated yet, I thought some people might be : interested in what changed from pine 4.21 to 4.30 (security-wise.) : In short, they've tried to make it more secure, but aren't quite there : yet. : Many more cases of bounds checking of strings have appeared, although it's : not yet perfect. At current, they're limiting themselves by not using : snprintf/strlcpy/strlcat, so auditing whether the code is safe is still a : very difficult job. : However, if they keep moving in this direction, it seems likely that pine : will be able to be considered safe within a release or two. : Mike "Silby" Silbersack : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E13sASl-0000rI-00>