Date: Tue, 21 Sep 1999 10:47:17 +0900
From: TAOKA Satoshi <taoka@infonets.hiroshima-u.ac.jp>
To: ports@freebsd.org
Subject: Re: ports/13809: new port: sysutils/wmbattery
Message-ID: <19990921104717Q.taoka@infonets.hiroshima-u.ac.jp>
In-Reply-To: <XFMail.990920162040.andrews@TECHNOLOGIST.COM>
References: <Pine.BSF.4.10.9909201135020.26241-100000@hub.freebsd.org> <XFMail.990920162040.andrews@TECHNOLOGIST.COM>

> >> I think wmbattery had better be set gid (to operator).
> I agree.. I inadvertently forgot to add that part..

OK.

> > Better make sure it's secure - many of these wm* utilities share a common
> > heritage, and at least one (wmmon) contained buffer overflows from
> > command-line arguments, and even processed arbitrary shell commands in a
> > dotfile as the setuid user. :-(
>
> Well.. not much I can do about it right now since I don't even know what
> programming habits/mistakes lead to buffer overflows.. meaning I can't look for
> buffer overflows in wmbattery.

I don't understand, either.

By the way, I apply a secure-patch, wmapm/patches/patch-ab, to wmapm.
wmapm can suspend or resume the PC. And wmapm is set gid.
The above patch avoids suspending or resuming if the user does not
belong to the group, operator.
wmapm, however, can monitor Battery. :-)

S.TAOKA