Date: Sat, 30 Sep 2000 12:16:26 -0600
From: Warner Losh <imp@village.org>
To: "Brian F. Feldman" <green@FreeBSD.ORG>
Cc: Jordan Hubbard <jkh@winston.osd.bsdi.com>, Roman Shterenzon <roman@xpert.com>, Kris Kennaway <kris@FreeBSD.ORG>, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <200009301816.MAA12880@harmony.village.org>
In-Reply-To: Your message of "Sat, 30 Sep 2000 11:38:36 EDT." <200009301538.e8UFcb538293@green.dyndns.org>
References: <200009301538.e8UFcb538293@green.dyndns.org>

In message <200009301538.e8UFcb538293@green.dyndns.org> "Brian F. Feldman" writes:
: Who has the motivation (of any type) to find and fix the likely hundreds of
: security problems left, though? Kris marked it forbidden because it's just
: too much work that's never going to get done to have even a reasonable
: assurance of its safety. But, you propose actively finding which of those
: problems in the code are vulnerabilities -- that's even more work than just
: fixing them.

I 100% support Kris' action as the security officer. We've had MANY black eyes in the security area and pine represents an unacceptable risk in its current state. We don't KNOW there's an exploit in it, otherwise we'd have fixed that case. However, past history has shown that programs that do use strcpy and sprintf rather than their safer cousins almost always wind up being the ones that you read about in bugtraq. We're supposed to be taking security seriously and Kris is being proactive about it.

I disagree with Jordan about the 1950's political thing. History has shown that programs that use the unsafe interfaces generally are the ones that wind up having advisories issued about them. We are protecting our user base from these unsafe programs. Sure, these interfaces can be used in a safe way, but looking at the pine source doesn't give me the impression that care has been taken to do this.

: If anyone wants to create a "secure pine" patchset, which will likely end up
: in the hundreds of kilobytes, I'm sure that would be a good reason to not
: mark pine as forbidden.

I agree. It is time to take a stand against bad, sloppy coding practices. If pine can't cut it, then it can't cut it and should be forbidden. If someone wants to fix all the problems in pine, then I'd support their inclusion in the port. That's rather the point of marking it FORBIDDEN.

: Another possibility might be to force pine into a
: chroot... I guess the only good advice to give if you HAVE to run pine is to
: run it inside a jail.

I don't think that would work.

Warner