From owner-freebsd-ports@freebsd.org Mon Dec 11 18:26:47 2017
Date: Mon, 11 Dec 2017 11:26:44 -0700 (MST)
From: Warren Block
To: Matthias Apitz
cc: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017, Matthias Apitz wrote:

> On Monday, 11 December 2017 04:56:04 CET, Warren Block wrote:
>> On Fri, 8 Dec 2017, Matthias Apitz wrote:
>>
>>> On Friday, December 08, 2017 at 03:13:02 p.m. -0700, Warren Block
>>> wrote:
>>>
>>>>> Hmm, why -d ${USER} if this is already known who I am from the
>>>>> ~/.forward file location?
>>>>
>>>> Because as a sysadmin, then you can copy it to another user without
>>>> having to edit it each time.
>>>
>>> Hmm, and why the sysadmin has to put in each copy the '-d ${USER}' when
>>> he/she puts the copy in the ~/.forward file of the USER?
>>
>> Because it's a per-user setting? I don't know for a fact, but that's how
>> I'd do it: make the solution as general as possible.
>
> Warren, you have not got my point: Why specifying '-d ${USER}' is required in
> a per user file in its HOME?

I guess I still don't understand. I don't know if it's safe or good practice to assume $USER is set to the value of basename(~).

From owner-freebsd-ports@freebsd.org Mon Dec 11 18:36:48 2017
Date: Mon, 11 Dec 2017 19:36:49 +0100
From: Kurt Jaeger
To: Chris H
Cc: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check
Message-ID: <20171211183649.GB2827@home.opsec.eu>

Hi!

> if the majority of people install their systems via packages, that makes for
> a fairly common FreeBSD base across all users.

Why would a system installed via packages be more homogenous than one installed as base, and updated via freebsd-update? I don't understand this -- can you elaborate?

> In closing, and more to the point regarding Sendmail; Sendmail has a nearly
> impeccable security record in at the last decade. It provides a *secure*,
> more powerful, and more flexible MX on the cheap. I see little reason to
> consider it an attack vector. Which makes *security*, and its related
> maintenance a pretty poor argument, for its removal.

The argument is: The update process for base is more complex than for packages, and we've come a long way to have a very nice pkg-system, in general.

The mid-term plan is thus to package base, too. Packaging base means sensible packages have to be defined, and sendmail suits a package very well.

-- 
pi@opsec.eu +49 171 3101372 3 years to go !