Date: Thu, 5 Oct 2000 14:22:09 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: Kris Kennaway <kris@citusc.usc.edu> Cc: Brian Somers <brian@Awfulhak.org>, Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001005142209.G27736@fw.wintelcom.net> In-Reply-To: <20001005135833.A87853@citusc17.usc.edu>; from kris@citusc.usc.edu on Thu, Oct 05, 2000 at 01:58:33PM -0700 References: <ru@FreeBSD.org> <200010051715.e95HFVn34590@hak.lan.Awfulhak.org> <20001005135833.A87853@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
* Kris Kennaway <kris@citusc.usc.edu> [001005 13:58] wrote: > On Thu, Oct 05, 2000 at 06:15:31PM +0100, Brian Somers wrote: > > > ru 2000/10/05 08:56:13 PDT > > > > > > Modified files: > > > usr.bin/finger finger.c > > > Log: > > > Do not allow `finger -m /somefile' as well. > > > > > > Revision Changes Path > > > 1.21 +4 -4 src/usr.bin/finger/finger.c > > > > Errum, thanks. Can you mfc too ? > > You know, perhaps after two security holes we should just > back this darn thing out until someone can review it? I think a good policy about this is to: 1) look at the feature and patch 2) think about it really hard 3) realize how f*cking useless and dangerous it is 4) tell the submitter "no, sorry but i can't possibly put this in!" 5) sit back and have a beer to congratulate yourself after not introducing yet another security issue. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=bin%2F11997 thanks, -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001005142209.G27736>