From owner-freebsd-security  Thu Mar 16  1:58:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
	by hub.freebsd.org (Postfix) with ESMTP id 1510137BF28
	for <freebsd-security@FreeBSD.ORG>; Thu, 16 Mar 2000 01:58:07 -0800 (PST)
	(envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost)
	by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id LAA62348;
	Thu, 16 Mar 2000 11:57:45 +0200 (EET)
	(envelope-from narvi@haldjas.folklore.ee)
Date: Thu, 16 Mar 2000 11:57:45 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx 
In-Reply-To: <3709.953199941@axl.ops.uunet.co.za>
Message-ID: <Pine.BSF.3.96.1000316115654.13688g-100000@haldjas.folklore.ee>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 16 Mar 2000, Sheldon Hearn wrote:

> 
> 
> On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote:
> 
> >   But, /stand/sysinstall still use lynx as default text browser.
> >   If you want to read HTML documents in sysinstall, /stand/sysinstall
> >   will go to install lynx package automatically (and it will fail in
> >   4.0-RELEASE).   
> 
> I don't think this is a problem, since any host from which it is likely
> to read documentation is quite unlikely to be malicious.
> 

A better way to put it is - if the host you install from is malicious,
lynx is the least of the problems.

> Ciao,
> Sheldon.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message