Date: Wed, 10 Jan 2001 20:23:27 -0500 (EST) From: Mikhail Kruk <meshko@cs.brandeis.edu> To: Trevor Johnson <trevor@jpj.net> Cc: Jason DiCioccio <Jason.DiCioccio@Epylon.com>, <security@FreeBSD.ORG>, Berend de Boer <berend@pobox.com> Subject: RE: CERT advisory: "Interbase Server Contains Compiled-in Back D oor Account" Message-ID: <Pine.LNX.4.30.0101102022150.20113-100000@daedalus.cs.brandeis.edu> In-Reply-To: <Pine.BSI.4.30.0101102004020.20643-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> The backdoor is not documented in the pkg-descr file for the port. If the > port is not fixed or forbidden, and it has the backdoor, the fact should > at least be documented there. I don't see how such a backdoor can be left in the package, even if there is a warning in pkg_descr. This is a potential remote exploit after all. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0101102022150.20113-100000>