From owner-freebsd-security  Fri Sep 29 21:24:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from green.dyndns.org (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 56DAF37B671; Fri, 29 Sep 2000 21:24:06 -0700 (PDT)
Received: from localhost (j7esry@localhost [127.0.0.1] (may be forged))
	by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8U4O1533513;
	Sat, 30 Sep 2000 00:24:04 -0400 (EDT)
	(envelope-from green@FreeBSD.org)
Message-Id: <200009300424.e8U4O1533513@green.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Roman Shterenzon <roman@xpert.com>
Cc: Kris Kennaway <kris@FreeBSD.org>, security@FreeBSD.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) 
In-Reply-To: Message from Roman Shterenzon <roman@xpert.com> 
   of "Sat, 30 Sep 2000 02:41:30 +0200." <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com> 
From: "Brian F. Feldman" <green@FreeBSD.org>
Date: Sat, 30 Sep 2000 00:24:00 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..
> 
> On Fri, 29 Sep 2000, Kris Kennaway wrote:
> 
> > It almost killed me to see this:
> > 
> > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
> >     4299
> > 
> > Don't use pine - I don't believe it is practical to make it secure. :-(
> > 
> > Kris

Now we should do something else: Pine is pretty popular.  It shouldn't be, 
so we should create a page showing other mailers that are known to be much 
more secure and their virtues.  In a sense, propaganda :) but I feel it's 
very important to move people away from such insecure software, and they 
simply won't unless they see alternatives.

So, how about it?  Should we set up a page so we have a URL to put in the 
Pine insecurity notice that shows, "you can live without Pine"?  I'd propose 
the first two most popular mailers (it seems) after Pine: mutt and exmh.  
For instance, I use exmh, so I am interested in nmh being secure.  I checked 
the source, and I found only <100 uses of sprintf/strcat/strcpy.  Only a few 
of them I decided could pose a threat (others MAYBE being exploitable from 
the configuration files, but that's no big deal at all ;), and even then, 
the user would have to create a really weird mail format file to do it.

So, given those two as believed very secure (or three, counting nmh and exmh 
as an add-on which it really is) as a start, should we point people to the 
alternatives which are much safer?  I volunteer to do most of the work on 
it...

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message