Date: Tue, 30 May 2000 02:53:15 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Chad Ziccardi <zicc@bellatlantic.net> Cc: stable@freebsd.org Subject: Re: Xfree-4 WAS: Re: Proper method of updating XFree86 Message-ID: <Pine.BSF.4.21.0005300250520.78616-100000@freefall.freebsd.org> In-Reply-To: <392B6647.887DCBBA@bellatlantic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 24 May 2000, Chad Ziccardi wrote:
> If the port maintainer knows the problem and thus it's marked forbidden,
> why not just fix it? Maybe I'm off base here, and thus I apologize.
It's not the responsibility of the ports maintainers to fix security holes
introduced by the program authors. It's taken us quite a while to get a
patch out of XFree86 to fix this, but this particular local root hole
should be fixed soon.
Of course, since XFree86 4.0 doesn't do any kind of argument limiting like
previous versions did (via XWrapper) I'd still be careful installing it on
a multiuser system (and I'll probably add a note to the port stating as
such)
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005300250520.78616-100000>