From owner-freebsd-security Thu Mar 16 9:34:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 4E81D37BF60 for ; Thu, 16 Mar 2000 09:34:18 -0800 (PST) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id MAA249970; Thu, 16 Mar 2000 12:33:46 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <3709.953199941@axl.ops.uunet.co.za> References: <3709.953199941@axl.ops.uunet.co.za> Date: Thu, 16 Mar 2000 12:34:14 -0500 To: Sheldon Hearn , kjm@rins.ryukoku.ac.jp (KOJIMA Hajime) From: Garance A Drosihn Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx Cc: freebsd-security@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:45 AM +0200 3/16/00, Sheldon Hearn wrote: >On Thu, 16 Mar 2000 17:30:19 +0900, KOJIMA Hajime wrote: > > > But, /stand/sysinstall still use lynx as default text browser. > > If you want to read HTML documents in sysinstall, /stand/sysinstall > > will go to install lynx package automatically (and it will fail in > > 4.0-RELEASE). > >I don't think this is a problem, since any host from which it is likely >to read documentation is quite unlikely to be malicious. I would think it's a problem if sysinstall expects to use lynx, it thus goes to install lynx, and that installation *FAILS*. If I'm reading that right, you're then left with sysinstall trying to use a package that does not exist. (true?) --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message