Date: Tue, 21 Jul 1998 11:18:38 -0500 (CDT) From: Jeremy Shaffner <jer@jorsm.com> To: Brett Glass <brett@lariat.org> Cc: "Matthew N. Dodd" <winter@jurai.net>, "Christopher G. Petrilli" <petrilli@dworkin.amber.org>, "Gentry A. Bieker" <gbieker@crown.NET>, security@FreeBSD.ORG Subject: Re: Why is there no info on the QPOPPER hack? Message-ID: <Pine.BSF.3.95q.980721110446.1666H-100000@mercury.jorsm.com> In-Reply-To: <199807202352.RAA27271@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Jul 1998, Brett Glass wrote: > Thousands (maybe tens or hundreds of thousands) of systems have been > potentially compromised because that code was in the FreeBSD Ports > library. I'd find it hard to believe that such a scheme would do > anything but improve the odds that the hole would be closed. How does "have been potentially" work? > And, no, CVSup is not an answer. Isn't it? See below. > On production machines, you don't want to CVSup to the latest version -- > you just want to pick up known good patches for significant problems. > > --Brett Pardon my ignorance, since I haven't used CVS, but isn't that what the "ports" are? A skeleton with the necessary patches and a Makefile that fetches the distfile if you don't already have it? Like I said before, Jordan had an updated -stable port the same day. And if you get that new port by downloading it manually, or by letting CVSup do it "Automagically" does it really matter? It's the same either way. Sure sounds like an answer to me. -===================================================================- Jeremy Shaffner JORSM Internet Senior Technical Support Northwest Indiana's Premium jer@jorsm.com Internet Service Provider support@jorsm.com http://www.jorsm.com -===================================================================- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.980721110446.1666H-100000>