From owner-freebsd-security Sun Nov 1 23:35:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA24803 for freebsd-security-outgoing; Sun, 1 Nov 1998 23:35:19 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from sasami.jurai.net (sasami.jurai.net [207.153.65.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA24797 for ; Sun, 1 Nov 1998 23:35:17 -0800 (PST) (envelope-from winter@jurai.net) Received: from localhost (winter@localhost) by sasami.jurai.net (8.8.8/8.8.7) with SMTP id CAA25228; Mon, 2 Nov 1998 02:34:52 -0500 (EST) Date: Mon, 2 Nov 1998 02:34:52 -0500 (EST) From: "Matthew N. Dodd" To: Dima Ruban cc: "Jan B. Koum" , peter.jeremy@auss2.alcatel.com.au, freebsd-security@FreeBSD.ORG Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass) In-Reply-To: <199811020647.WAA25893@burka.rdy.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 1 Nov 1998, Dima Ruban wrote: > Let me ask you this. Would you trust a packet that came from > non-priviledged port and which wants to do something that even > remotely should be secure? The concept of 'secure port' is somewhat dated in this age of NT and Linux lusers. The bar for entry onto the net is quite a bit lower than it was 10 years ago. Trusting a 'secure port' is a good way to let someone else shoot you in the foot. -- | Matthew N. Dodd | 78 280Z | 75 164E | 84 245DL | FreeBSD/NetBSD/Sprite/VMS | | winter@jurai.net | This Space For Rent | ix86,sparc,m68k,pmax,vax | | http://www.jurai.net/~winter | Are you k-rad elite enough for my webpage? | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message