From owner-freebsd-chat  Thu Dec  2 18:25:32 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.240.222])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1130214FC8; Thu,  2 Dec 1999 18:25:26 -0800 (PST)
	(envelope-from mph@wopr.caltech.edu)
Received: (from mph@localhost)
	by wopr.caltech.edu (8.9.3/8.9.1) id SAA16321;
	Thu, 2 Dec 1999 18:25:13 -0800 (PST)
	(envelope-from mph)
Date: Thu, 2 Dec 1999 18:25:13 -0800
From: Matthew Hunt <mph@astro.caltech.edu>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Jason DiCioccio <geniusj@phreebsd.org>, chat@freebsd.org,
	advocacy@freebsd.org
Subject: Re: Vulnerability postings..
Message-ID: <19991202182512.A15563@wopr.caltech.edu>
References: <19991202155924.A80952@wopr.caltech.edu> <Pine.BSF.4.21.9912021804240.45689-100000@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.21.9912021804240.45689-100000@hub.freebsd.org>; from kris@hub.freebsd.org on Thu, Dec 02, 1999 at 06:09:24PM -0800
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Dec 02, 1999 at 06:09:24PM -0800, Kris Kennaway wrote:

> could do short of fixing the source (maybe print a warning about the above
> at install-time?). Thanks for jumping on this so fast..

The known problems with the solution are displayed at install time.

I'm not in a position to do a security audit for the code, and I bet
it really sucks.  The linker warns about it using tmpnam(3), which
is probably bad, too.

Thank you, too, for taking action on this and your explanation of the
problem.

Matt

-- 
Matthew Hunt <mph@astro.caltech.edu> * UNIX is a lever for the
http://www.pobox.com/~mph/           * intellect. -J.R. Mashey


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message