Date:      Mon, 11 Dec 2017 11:26:44 -0700 (MST)
From:      Warren Block <wblock@wonkity.com>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Procmail Vulnerabilities check
Message-ID:  <alpine.BSF.2.21.1712111118470.98435@wonkity.com>
In-Reply-To: <65cf5e92-948e-4aff-857b-539cbae290b4@unixarea.de>
References:  <fb3d23c5-e32d-452a-a0c3-c3cb12340054@cloudzeeland.nl> <a66d1c33-e405-d9e8-d9c3-2738b5e66887@cloudzeeland.nl> <alpine.BSF.2.21.1712080956580.41281@wonkity.com> <20171208180905.GA96560@troutmask.apl.washington.edu> <alpine.BSF.2.21.1712081111070.41281@wonkity.com> <20171208193011.GA2203@c720-r314251> <alpine.BSF.2.21.1712081511530.41281@wonkity.com> <20171208223849.GA2171@c720-r314251> <65cf5e92-948e-4aff-857b-539cbae290b4@unixarea.de>

On Mon, 11 Dec 2017, Matthias Apitz wrote:

> On Monday, 11 December 2017 04:56:04 CET, Warren Block <wblock@wonkity.com> 
> wrote:
>> On Fri, 8 Dec 2017, Matthias Apitz wrote:
>> 
>>> On Friday, December 08, 2017 at 03:13:02 p.m. -0700, Warren Block 
>>> wrote:
>>> 
>>>>> Hmm, why -d ${USER} if this is already known who I am from the
>>>>> ~/.forward file location?
>>>> 
>>>> Because as a sysadmin, then you can copy it to another user without
>>>> having to edit it each time.
>>> 
>>> Hmm, and why does the sysadmin have to put the '-d ${USER}' in each copy
>>> when he/she puts the copy in the ~/.forward file of the USER?
>> 
>> Because it's a per-user setting?  I don't know for a fact, but that's how 
>> I'd do it: make the solution as general as possible.
>
> Warren, you have not got my point: Why is specifying '-d ${USER}' required in 
> a per user file in its HOME?

I guess I still don't understand.  I don't know if it's safe or good 
practice to assume $USER is set to the value of basename(~).
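
Added example, not part of the original thread: a small shell check of the assumption discussed above, that the login name equals the basename of the home directory. The passwd(5) lines are constructed sample data and `home_mismatches` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample in passwd(5) format: name:pw:uid:gid:gecos:home:shell
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
guru:*:1001:1001:Constructed user:/home/guru/:/bin/sh
alice:*:1002:1002:Constructed user:/usr/home/staff/alice-old:/bin/sh'

# Print "login home" for every account whose home directory basename
# differs from its login name. For these accounts, deriving the mail
# recipient from the directory that holds ~/.forward would pick the
# wrong name (or another account's name).
home_mismatches() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 7 {
            home = $6
            sub(/\/+$/, "", home)          # ignore trailing slashes
            n = split(home, parts, "/")
            if (parts[n] != $1) print $1, $6
        }'
}

# Report on the constructed sample. On a live system the same function
# can be fed "$(cat /etc/passwd)" instead.
home_mismatches "$SAMPLE_PASSWD"
```
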
Date: Mon, 11 Dec 2017 19:36:49 +0100
From: Kurt Jaeger <lists@opsec.eu>
To: Chris H <portmaster@BSDforge.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Procmail Vulnerabilities check
Message-ID: <20171211183649.GB2827@home.opsec.eu>
References: <20171211111031.GA92072@gmail.com>
 <32da0142ef01d545aff61de3a3946d62@udns.ultimatedns.net>
In-Reply-To: <32da0142ef01d545aff61de3a3946d62@udns.ultimatedns.net>

Hi!

> if the majority of people install their systems via packages, that makes for
> a fairly common FreeBSD base across all users.

Why would a system installed via packages be more homogeneous than
one installed as base, and updated via freebsd-update? I don't
understand this -- can you elaborate?

> In closing, and more to the point regarding Sendmail; Sendmail has a nearly
> impeccable security record in the last decade. It provides a *secure*,
> more powerful, and more flexible MX on the cheap. I see little reason to
> consider it an attack vector. Which makes *security*, and its related
> maintenance a pretty poor argument, for its removal.

The argument is: The update process for base is more complex
than for packages, and we've come a long way to have a very
nice pkg-system, in general. The mid-term plan is thus to package base, too.

Packaging base means sensible packages have to be defined, and
sendmail suits a package very well.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !


