Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Jan 2000 17:34:36 +0900
From:      Masafumi NAKANE <max@wide.ad.jp>
To:        kris@hub.freebsd.org
Cc:        serg@dor.zaural.ru, freebsd-security@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject:   Re: delegate buffer overflow (ports)
Message-ID:  <877lgufvc3.wl@fr.aslm.rim.or.jp>
In-Reply-To: In your message of "Fri, 28 Jan 2000 00:07:52 -0800 (PST)" <Pine.BSF.4.21.0001280006430.12504-100000@hub.freebsd.org>
References:  <200001280739.MAA02652@dor.zaural.ru> <Pine.BSF.4.21.0001280006430.12504-100000@hub.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

I don't personally think it is too good idea to mark any ports
broken/forbidden  because of the security problem since they still are
good in dialup home environment, which I assume there are many users
of.

Instead, I will make this port to ask the user if he/she really wants
to continue the installation with the security information at
``pkg_add'', ``make pre-fetch'' and ``make install'' times.  This
still makes it possible to install the port without answering to the
question when ${BATCH} is set, but that's usually only set in package
building times.

     Cheers,
Max

At Fri, 28 Jan 2000 00:07:52 -0800 (PST),
Kris Kennaway <kris@hub.freebsd.org> wrote:
> Thanks for pointing it out..I'll look into this tomorrow and probably mark
> it FORBIDDEN (BROKEN won't be enough to stop the package building, since
> bento will try it anyway and notice it actually compiles :-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?877lgufvc3.wl>