Date: Sat, 30 Sep 2000 02:57:29 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: Kris Kennaway <kris@FreeBSD.org> Cc: security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <Pine.LNX.4.10.10009300254370.21741-100000@jamus.xpert.com> In-Reply-To: <20000929155115.A6456@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 29 Sep 2000, Kris Kennaway wrote: > On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote: > > > Perhaps I'll move to mutt, the same command gives only 92 occurrences :) > > Mutt on the other hand has sgid binary installed.. > > I haven't looked at mutt yet - of course, just grepping for functions > is a poor indicator of the security of a program, but in the case of > pine it is so blatant (and the authors have a bad enough track record) > as to leave little doubt there are others which are remotely > exploitable aside from the currently known exploitable ones. I was just kidding about the number, strcpy(buf, DEFAULTSTR) is quite secure on most occasions. Mutt supposedly has better PGP integration and pine scares me now. (Although I'm writing this in pine) --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10009300254370.21741-100000>