From owner-freebsd-security Sat Sep 30 11:16:33 2000
Message-Id: <200009301816.MAA12880@harmony.village.org>
To: "Brian F. Feldman"
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Cc: Jordan Hubbard, Roman Shterenzon, Kris Kennaway, security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 30 Sep 2000 11:38:36 EDT." <200009301538.e8UFcb538293@green.dyndns.org>
References: <200009301538.e8UFcb538293@green.dyndns.org>
Date: Sat, 30 Sep 2000 12:16:26 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG

In message <200009301538.e8UFcb538293@green.dyndns.org> "Brian F. Feldman" writes:
: Who has the motivation (of any type) to find and fix the likely hundreds of
: security problems left, though?  Kris marked it forbidden because it's just
: too much work that's never going to get done to have even a reasonable
: assurance of its safety.  But, you propose actively finding which of those
: problems in the code are vulnerabilities -- that's even more work than just
: fixing them.

I 100% support Kris' action as the security officer.  We've had MANY
black eyes in the security area and pine represents an unacceptable
risk in its current state.  We don't KNOW there's an exploit in it,
otherwise we'd have fixed that case.  However, past history has shown
that programs that do use strcpy and sprintf rather than their safer
cousins almost always wind up being the ones that you read about in
bugtraq.

We're supposed to be taking security seriously and Kris is being
proactive about it.  I disagree with Jordan about the 1950's political
thing.  History has shown that programs that use the unsafe interfaces
generally are the ones that wind up having advisories issued about
them.  We are protecting our user base from these unsafe programs.
Sure, these interfaces can be used in a safe way, but looking at the
pine source doesn't give me the impression that care has been taken to
do this.

: If anyone wants to create a "secure pine" patchset, which will likely end up
: in the hundreds of kilobytes, I'm sure that would be a good reason to not
: mark pine as forbidden.

I agree.  It is time to take a stand against bad, sloppy coding
practices.  If pine can't cut it, then it can't cut it and should be
forbidden.  If someone wants to fix all the problems in pine, then I'd
support their inclusion in the port.  That's rather the point of
marking it FORBIDDEN.

: Another possibility might be to force pine into a
: chroot...  I guess the only good advice to give if you HAVE to run pine is to
: run it inside a jail.

I don't think that would work.

Warner