Date: Fri, 29 Sep 2000 15:51:15 -0700 From: Kris Kennaway <kris@FreeBSD.org> To: Roman Shterenzon <roman@xpert.com> Cc: Kris Kennaway <kris@FreeBSD.org>, security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <20000929155115.A6456@freefall.freebsd.org> In-Reply-To: <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>; from roman@xpert.com on Sat, Sep 30, 2000 at 02:41:30AM %2B0200 References: <Pine.BSF.4.21.0009290030170.63575-100000@freefall.freebsd.org> <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote:
> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..
I haven't looked at mutt yet - of course, just grepping for functions
is a poor indicator of the security of a program, but in the case of
pine it is so blatant (and the authors have a bad enough track record)
as to leave little doubt there are others which are remotely
exploitable aside from the currently known exploitable ones.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000929155115.A6456>