From owner-freebsd-ports Fri Jul 20 12:40: 7 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 4333E37B407 for ; Fri, 20 Jul 2001 12:40:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6KJe2076531; Fri, 20 Jul 2001 12:40:02 -0700 (PDT) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C101737B405 for ; Fri, 20 Jul 2001 12:34:27 -0700 (PDT) (envelope-from nobody@FreeBSD.org) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6KJYRm75895; Fri, 20 Jul 2001 12:34:27 -0700 (PDT) (envelope-from nobody) Message-Id: <200107201934.f6KJYRm75895@freefall.freebsd.org> Date: Fri, 20 Jul 2001 12:34:27 -0700 (PDT) From: "Antonio M. D'souza" To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: ports/29112: Potential security issues in Balsa & Encompass Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 29112 >Category: ports >Synopsis: Potential security issues in Balsa & Encompass >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jul 20 12:40:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Antonio M. D'souza >Release: 4.3-stable >Organization: University of Waterloo >Environment: FreeBSD quikbox.ca 4.3-STABLE FreeBSD 4.3-STABLE #1: Wed May 9 22:53:16 EDT 2001 alex@rn-respw2a14.uwaterloo.ca:/usr/obj/usr/src/sys/QUIK i386 >Description: At the end of building both Encompass and Balsa, I get this series of security warnings: /usr/lib/libc.so.4: WARNING! setkey(3) not present in the system! /usr/lib/libc.so.4: warning: this program uses gets(), which is unsafe. /usr/lib/libc.so.4: warning: mktemp() possibly used unsafely; consider using mkstemp() /usr/lib/libc.so.4: WARNING! des_setkey(3) not present in the system! /usr/lib/libc.so.4: WARNING! encrypt(3) not present in the system! /usr/lib/libc.so.4: warning: tmpnam() possibly used unsafely; consider using mkstemp() /usr/lib/libc.so.4: warning: this program uses f_prealloc(), which is stupid. /usr/lib/libc.so.4: WARNING! des_cipher(3) not present in the system! /usr/lib/libc.so.4: warning: tempnam() possibly used unsafely; consider using mkstemp() >How-To-Repeat: Build the Balsa (or Encompass) port on a FreeBSD 4.3-stable box >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message