From owner-freebsd-ports Tue Sep 21 20: 9:43 1999 Delivered-To: freebsd-ports@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id D809614E64; Tue, 21 Sep 1999 20:09:41 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id C91B91CD736; Tue, 21 Sep 1999 20:09:41 -0700 (PDT) (envelope-from kris@hub.freebsd.org) Date: Tue, 21 Sep 1999 20:09:41 -0700 (PDT) From: Kris Kennaway To: TAOKA Satoshi Cc: ports@freebsd.org Subject: Re: ports/13809: new port: sysutils/wmbattery In-Reply-To: <19990921104717Q.taoka@infonets.hiroshima-u.ac.jp> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 21 Sep 1999, TAOKA Satoshi wrote: > > > Better make sure it's secure - many of these wm* utilities share a common > > > heritage, and at least one (wmmon) contained buffer overflows from > > > command-line arguments, and even processed arbitrary shell commands in a > > > dotfile as the setuid user. :-( > > > > Well.. not much I can do about it right now since I don't even know what > > programming habits/mistakes lead to buffer overflows.. meaning I can't look for > > buffer overflows in wmbattery. > > I don't understand, too. Well, given the rampaging lack of code quality in many of the wm* applets it worries me, but I don't have the time to look over the code. I guess that means I should shut up. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message